Common Vulnerabilities and Exposures (CVE) stories

FIRST conference in Scottsdale draws 500-plus as security leaders and AI firms debate vulnerability disclosure, CWE's role and CVE's future.

Splashtop bets on AI-assisted patching and security alerts in a single console as it targets lean IT teams and MSPs with a new endpoint platform.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Intruder expands cloud security platform with registry-level container image scanning for AWS, Google Cloud and Azure users.

2N calls for tougher cyber rules on access control, urging stronger vulnerability reporting, tighter component sourcing and longer support lifecycles.

Qualys says attackers are exploiting flaws before disclosure as remediation backlogs swell, with edge devices facing the highest risk.

Percona teams up with Chainguard to offer supported, hardened container images for MySQL, PostgreSQL and MongoDB databases.

Concern over vendor lock-in is driving a global surge in open source adoption, with European organisations leading the shift to digital autonomy.

Rapid7 warns exploited high and critical software flaws more than doubled in 2025, as attackers compress disclosure-to-attack windows.

FIRST to host three cybersecurity conferences in 2026 as it predicts annual CVE disclosures will surpass 50,000 for the first time.

GitHub joins tech giants in a USD $12.5 million Alpha-Omega push, boosting AI-powered defences for critical open source software.

Microsoft's March Patch Tuesday fixes 77 flaws, including a severe SQL Server bug that could grant attackers sysadmin rights remotely.

Wireless flaws have surged 230-fold since 2010, as Bastille warns AI data centres and critical infrastructure face escalating unseen risks.

Acronis warns AI is turbocharging phishing, email attacks and ransomware in 2025, with MSPs and collaboration tools under rising fire.

Simbian launches an AI Pentest Agent that runs continuous, adaptive penetration tests, promising faster, context-aware vulnerability detection.

Data-only extortion soars 11-fold as attackers 'log in instead of break in', abusing remote access tools for faster, stealthier raids.

Cyber group FIRST warns CVE disclosures could smash records in 2026, topping 50,000 and potentially surging towards six figures.

ENCS and DIVD have agreed a new cyber pact to uncover and disclose vulnerabilities in Europe's high-impact energy and critical systems.

Black Kite launches Product Analysis tool to expose hidden risks in third-party software, from SaaS subdomains to SBOM dependencies.

Codific sees 2026 cybersecurity shaped by shadow AI, passwordless logins, tighter regulation and a sharper focus on software supply chains.