Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
Similar Posts
Hearing on the Federal Government and AI
Bys sBruce Schneier writes: On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.” The other speakers mostly talked about how cool AI was—and sometimes about how cool their own company was—but I was asked by the Democrats to specifically…
Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
Bys sA relatively new ransomware group calling themself “Gunra” has shown it has no compunction about attacking hospitals. They have reportedly locked — and have started leaking information from — the American Hospital in Dubai (AHD). In its first listing concerning this attack, Gunra claimed to have exfiltrated the entire Cerner Millenium database (now known as…
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Bys sBuzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database “allows full control over database operations, including the ability to access internal data,”…
Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up
Bys sCarly Page reports: GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived. The figures come from the latest GDPR Fines and Data Breach……
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
Bys sA privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher…
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
Bys sWatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. “This…