CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

CVSS vulnerability triage missed a chained Palo Alto attack that hit 13,000 devices. Five failure classes and the fixes ...
CSOonline

Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?

The soon-to-be-released scoring system update has promise, but challenges remain for it to deliver exactly what CISOs need to get ahead of the latest vulnerabilities. Anyone in cybersecurity who has ...
Dark Reading

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

BLACK HAT USA – Las Vegas – Keeping up with security-vulnerability patching is challenging at best, but prioritizing which bugs to focus on has become more difficult than ever before, thanks to ...
Infosecurity-magazine.com

Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited

IT admins have been urged to patch any on-premises ScreenConnect servers immediately, after reports that a recently published maximum severity vulnerability is being exploited in the wild.
Hosted on MSN

Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score

Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component ...