Geek-Guy.com

Category: vulnerability disclosure

china, CISA, cisco, citrix, Coalition, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), edge devices, espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…

Read more →

Austria, Denmark, estonia, France, Germany, Global Security News, Hungary, Ireland, Italy, Japan, kosovo, Luxembourg, Moldova, Netherlands, North America, Pall Mall Process, poland, Policy, privacy, Slovakia, Slovenia, Spyware, Sweden, switzerland, Technology, United Kingdom (U.K.), vulnerability disclosure

Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses

Twenty-one nations signed on to a voluntary accord last week in Paris to govern the use of commercial hacking tools commonly known as spyware, after more than a year of work on the agreement. The Pall Mall Process, or Code of Practices for States, has four pillars for the responsible use of the surveillance tech,…

Read more →

CVE, Cybersecurity, Exploits, Global Security News, Next.js, open source, open source software, Research, vulnerability, vulnerability disclosure

Researchers raise alarm about critical Next.js vulnerability

Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on…

Read more →

Asia Pacific, federal contractors, Gerry Connolly, Global Security News, Government, HackerOne, Nancy Mace, Policy, vdp, vulnerability disclosure

House passes bill requiring federal contractors to have vulnerability disclosure policies

A bill that would close a loophole in federal cybersecurity standards by requiring government contractors to abide by vulnerability disclosure policies moved one step closer to law Monday after sailing through the House. The passage of the Federal Contractor Cybersecurity Vulnerability Reduction Act in the House came a month after Reps. Nancy Mace, R-S.C., and…

Read more →

Asia Pacific, federal contracting, Global Security News, Government, Nancy Mace, Policy, Shontel Brown, vdp, vulnerability disclosure

Bill requiring federal contractors to have vulnerability disclosure policies gets House redo

Bipartisan legislation to close a loophole in federal cybersecurity standards by requiring vulnerability disclosure policies for government contractors is getting another shot at passage  in this Congress. The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that stalled out last year in the Senate, was reintroduced Friday in the House by Reps. Nancy…

Read more →