ENISA: Software vulnerability prevention initiatives
The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.
Similar Posts
Confidence in ransomware recovery is high but actual success rates remain low
Bys sIan Barker reports: A new study from OpenText of nearly 1,800 global IT and security leaders shows a false sense of confidence in ransomware readiness. The report shows that 95 percent of respondents say they’re confident in their ransomware recovery — yet only 15 percent of those attacked have fully recovered their data. In a rapidly changing threat landscape……
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Bys sA novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON…
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Bys sLibraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. “Libraesva ESG is affected by a command injection flaw that can be triggered by…
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
Bys sReact2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based
DOJ investigates ex-ransomware negotiator over extortion kickbacks
Bys sLawrence Abrams reports: An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. The suspect is a former employee of DigitalMint, a Chicago-based incident response and digital asset services company that specializes in ransomware negotiation and facilitating cryptocurrency payments to receive a…
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
Bys sThe Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’s LAB52 threat intelligence team said….