Collaborate Disseminate
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilit… Continue reading Relying on CVSS alone is risky for vulnerability management
Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according t… Continue reading Popular generative AI projects pose serious security threat
Rezilion released Agentless solution, allowing user connection and access to Rezlion’s full feature functionality across multiple cloud platforms. It enables security teams to monitor exploitable attack surfaces in runtime without using an agent … Continue reading Rezilion releases agentless runtime monitoring solution for vulnerability management
Rezilion released its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components. Patching is a complicated and noisy process… Continue reading Rezilion Smart Fix improves software supply chain security
Although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and action, according to Rezilion. The Known Exploited Vulnerabilities (KEV) catalo… Continue reading Millions still exposed despite available fixes
Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden … Continue reading Researchers find hidden vulnerabilities in hundreds of Docker containers
Rezilion has updated MI-X, its open-source tool developed by Rezilion’s vulnerability research team. Available as a download from the Github repository, MI-X already has more than 100 stars on GitHub since its debut in August 2022. The CLI tool i… Continue reading Rezilion updates its vulnerability risk determination tool MI-X
Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that… Continue reading Backlogs larger than 100K+ vulnerabilities but too time-consuming to address
Here’s a photo gallery that provides a look inside Black Hat USA 2022. For our complete coverage of the conference, live from Las Vegas, check out our microsite. Fastly, Brinqa SecurityScorecard (ISC)² VMRay Entrust Rezilion Cequence Security Cyb… Continue reading Photos: Black Hat USA 2022, part 2