The Trump Administration is ending funding for MITRE's crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government funding and oversight.
The post CISA at the Last Minute Extends Funding for Crucial MITRE CVE Program appeared first on Security Boulevard.
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.
BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product families. Out of the 378 security updates published this quarter, 10.6% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 54.5%, followed by high severity patches at 32.3%.
This quarter’s update includes 40 critical patches across 15 CVEs.
Severity Issues Patched CVEs Critical 40 15 High 122 52 Medium 206 98 Low 10 6 Total 378 171 AnalysisThis quarter, the Oracle SQL Developer product family contained the highest number of patches at 103, accounting for 27.3% of the total patches, followed by Oracle Hyperion at 43 patches, which accounted for 11.4% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family Number of Patches Remote Exploit without Auth Oracle SQL Developer 103 82 Oracle Hyperion 43 2 Oracle Secure Backup 42 35 Oracle Communications 34 22 Oracle E-Business Suite 31 26 Oracle Commerce 16 11 Oracle Enterprise Manager 15 11 Oracle JD Edwards 11 11 Oracle Hospitality Applications 8 5 Oracle Database Server 7 3 Oracle TimesTen In-Memory Database 7 6 Oracle REST Data Services 6 5 Oracle Analytics 6 5 Oracle Essbase 4 2 Oracle Communications Applications 4 4 Oracle Insurance Applications 4 1 Oracle MySQL 4 2 Oracle Policy Automation 4 4 Oracle Construction and Engineering 3 2 Oracle Financial Services Applications 3 2 Oracle Food and Beverage Applications 3 2 Oracle Java SE 3 3 Oracle PeopleSoft 3 2 Oracle Supply Chain 3 0 Oracle NoSQL Database 2 2 Oracle Retail Applications 2 0 Oracle Siebel CRM 2 2 Oracle Application Express 1 1 Oracle Autonomous Health Framework 1 0 Oracle GoldenGate 1 1 Oracle Graph Server and Client 1 0 Oracle Fusion Middleware 1 1 SolutionCustomers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2025 advisory for full details.
Identifying affected systemsA list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more informationJoin Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Oracle April 2025 Critical Patch Update Addresses 171 CVEs appeared first on Security Boulevard.
Struggling with proprietary identity solutions? This comprehensive guide explores how open source CIAM platforms offer enterprises transparency, flexibility, & cost control while maintaining robust security. Compare leading solutions and discover which best balances security and customer experience.
The post Open Source CIAM: A Practical Guide for the Modern Enterprise appeared first on Security Boulevard.
Palo Alto, California, 16th April 2025, CyberNewsWire
The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions appeared first on Security Boulevard.
DataDome conducted a security assessment of the UK's online driving test booking system and identified several vulnerabilities in the system’s protection mechanisms.
The post Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking System appeared first on Security Boulevard.
Shadow IT is reshaping enterprise risk. Learn which departments lead shadow SaaS adoption, why it’s growing, and how to gain control before security gaps widen.
The post Shadow IT in 2025: 5 Teams Most Likely to Use Shadow IT Apps appeared first on Security Boulevard.
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged.
BackgroundOn April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along with other related programs, such as Common Weakness Enumeration (CWE), would be expiring on April 16. The letter below was sent to CVE Board Members and published on social media and other fora announcing the expiration of these programs:
The legitimacy of this letter and its contents was confirmed by cybersecurity journalist Brian Krebs in a post on Mastodon. Tenable has also independently confirmed the letter’s legitimacy.
CVE program importanceWhile flawed in some ways, the CVE program, which recently celebrated its 25th anniversary, has been an important pillar in cybersecurity for over two decades. It provides a common taxonomy for cybersecurity solutions and organizations to track vulnerabilities and exposures. Since its launch in 1999, the CVE program has published over 250,000 CVEs as of the end of 2024.
Risk to CVE programWith the report that the funding for the CVE program is potentially set to expire on April 16, the biggest concern stems from the fact that CVE Numbering Authorities, or CNAs, will no longer be able to reserve and assign CVEs for newly discovered vulnerabilities. While CNAs typically try to reserve a block of CVEs, the lack of transparency surrounding the future of the CVE program creates uncertainty surrounding newly discovered vulnerabilities. The historical CVE database will remain intact on GitHub following the expiration of the CVE program. However, MITRE’s CVE program also provides a centralized repository of CVEs from which many organizations fetch data and this may disappear. The lack of this centralized repository will create difficulties going forward for tracking new and noteworthy vulnerabilities under a common identifier.
Tenable’s response to the potential expiration of the MITRE CVE programTenable is closely monitoring the situation surrounding the possible expiration of the CVE program funding.
Last year, when we learned about NIST’s National Vulnerability Database (NVD) experiencing delays surrounding analysis efforts, we highlighted that Tenable Vulnerability Management products utilize a diverse range of sources for CVSS scoring and our customers experienced little to no impact.
As a provider of vulnerability scanning technology, we are not dependent on the CVE program directly for our vulnerability coverage. We develop our vulnerability coverage against vendor advisories directly, and will continue to do so, so long as vendors make those advisories available whether they contain CVE identifiers or not. Tenable also provides its customers with a richly sourced and curated Vulnerability Intelligence feed that provides contextualized information for any given vulnerability, regardless of a CVE assignment or not.
Tenable is a CNA, and we allocate CVEs for our vulnerability disclosures through our Tenable Research Advisories page. We also have reserved a large number of CVE designators for disclosures to ensure the cybersecurity community has clear identity for future discovered vulnerabilities.
As new developments surrounding the CVE program emerge, we will update this blog post accordingly.
Get more informationThe post MITRE CVE Program Funding Set To Expire appeared first on Security Boulevard.
ADAMnetworks is excited to announce Wyo Support to the family of Licensed Technology Partners.
“After working with the various systems and technologies, there are few that compare with the protection that ADAMnetworks provides. It reduces the attack surface from the broad side of a barn down to the size of a keyhole. No other technology provides the simple end user interface for such a powerful connection management tool.”
ADAMnetworks is excited to announce our partnership with Wyo Support, a leading Managed Security Service Provider (MSSP), as our newest Licensed Technology Partner (LTP). With a shared commitment to proactive cybersecurity, Wyo Support will be delivering ADAMnetworks’ award-winning Zero Trust connectivity (ZTc) solution to clients across diverse sectors.
This partnership empowers Wyo Support to provide clients with the highest level of security available, safeguarding sensitive data and infrastructures against sophisticated threats like phishing, ransomware, and data exfiltration—even in cases of accidental clicks on phishing links.
Who is Wyo Support?
At Wyo Support, their mission is to empower businesses through exceptional IT expertise, cutting-edge cybersecurity solutions, and a strong commitment to education. As a leading Managed Service Provider (MSP), they specialize in delivering comprehensive managed services that not only safeguard your digital assets but also enhance your team’s understanding of technology and security best practices.
They believe that education is the cornerstone of a secure and efficient digital environment. Their passionate team is dedicated to providing personalized, innovative strategies while sharing valuable knowledge that empowers your staff. By demystifying complex technological concepts, they will help you make informed decisions and foster a culture of continuous learning within your organization.
With Wyo Support, you’re not just partnering with a service provider—you’re collaborating with educators and experts who are invested in your success. Let them guide you through the ever-evolving technological landscape, ensuring that your business is not only protected but also proficient in navigating the digital world.
Primary Industries
Wyo Support is dedicated to empowering a diverse range of industries with our specialized IT and cybersecurity solutions. Their primary focus includes small to medium-sized businesses (SMBs), government and public sector agencies, educational institutions, healthcare providers, financial services firms, and enterprise-level corporations.
Wyo Support shared how they serve each of these industries:
For Small to Medium-Sized Businesses (SMBs), we understand the need for flexible and scalable IT services that enable growth and competitive advantage. We offer customized strategies to streamline operations, reduce costs, and enhance productivity. Protecting your business from cyber threats is a top priority, and we provide robust security measures to safeguard your digital assets and customer data.
In serving Government and Public Sector Agencies, we navigate the complex landscape of regulations to ensure full compliance with necessary standards and protocols. We bolster these agencies with secure, reliable IT infrastructures that support critical operations and public services, enhancing their ability to serve the community effectively.
Our work with Educational Institutions involves partnering with schools to implement innovative IT solutions that enrich the educational experience for students and faculty alike. We prioritize safeguarding student information and institutional data, providing cybersecurity services that ensure a protected and conducive learning environment.
For Healthcare Providers, where patient data security is paramount, we help organizations secure sensitive information and comply with healthcare regulations like HIPAA. We optimize IT systems to improve patient care delivery and operational efficiency, enabling healthcare professionals to focus on what they do best.
In the Financial Services sector, we recognize the critical importance of data security, regulatory compliance, and system reliability. We assist banks, investment firms, insurance companies, and other financial institutions in implementing robust cybersecurity measures to protect sensitive financial data and transactions. Our expertise ensures adherence to industry regulations like PCI DSS and GDPR, or assisting with WISP preparation, our advanced IT solutions enhance operational efficiency and client trust.
With Enterprise-Level Corporations, we offer comprehensive IT management that adapts to the complexities of large-scale operations. Our team introduces cutting-edge technologies to drive innovation and maintain a competitive edge in the market, providing scalable IT strategies that meet the demands of big business.
Wyo Support’s Commitment to Education Across Industries
What truly sets Wyo Support apart is their unwavering commitment to education across all the industries they serve. They don’t just provide services; they empower your team with the knowledge and skills needed to leverage technology effectively. By demystifying complex technological concepts, they will help you make informed decisions and foster a culture of continuous learning within your organization.
They offer customized training sessions and workshops to educate your staff on the latest IT trends, cybersecurity best practices, and efficient use of technology tools. Their experts regularly share insights, tips, and updates to keep you informed about emerging technologies and potential risks. By working closely with your team, Wyo Support ensures your team understands the solutions implemented, fostering an environment where continuous improvement thrives.
Integrating education into their services helps you build a knowledgeable workforce that can confidently navigate the ever-evolving digital landscape. With Wyo Support as your partner, you’re not only investing in top-tier IT and cybersecurity solutions but also in the growth and development of your organization’s most valuable asset—its people.
Locations Wyo Support is proud to serve:
At Wyo Support, we believe that geography should never be a barrier to accessing top-tier IT and cybersecurity solutions. Our nationwide presence underscores our dedication to empowering businesses everywhere with the tools, knowledge, and support they need to thrive in today’s digital world. By bridging distances and connecting communities, we inspire confidence and drive success for our clients, no matter where they are located.
Wyo Support is proud to call Cheyenne home, strategically positioned to offer IT and cybersecurity solutions within a 200-mile radius of our base. This primary service area allows us to provide personalized, on-site support to businesses in our local region, fostering strong relationships and a deep understanding of the community’s unique needs.
But our reach doesn’t stop there. Leveraging advanced remote technologies and a dedicated team of experts, we have expanded our services nationwide. From the vibrant business hubs of Florida to the innovative tech landscapes of California, and from the plains of North Dakota down to the dynamic markets of Texas, Wyo Support has made a significant impact across the country. Our ability to effectively serve clients coast-to-coast is a testament to the quality, reliability, and adaptability of our services.
Whether you’re a local enterprise seeking hands-on assistance or a national corporation in need of expert guidance, Wyo Support is equipped to meet your needs. We blend the accessibility and commitment of a local provider with the expertise and resources of a nationwide firm.
Key Accomplishments
Wyo Support is entering their fifth year of business and has rapidly expanded, now managing thousands of endpoints nationwide. Their team boasts over 75 years of collective, hands-on IT experience across a diverse range of sectors—including education, critical infrastructure, medical, legal, and hospitality.
This wealth of expertise empowers them to understand deeply what it takes to comply with industry-specific regulations. They have a proven track record of assisting clients in navigating the ever-changing landscape of laws and compliance requirements. Their commitment goes beyond merely meeting standards; they strive to exceed them, ensuring that your organization is not only compliant but also secure and efficient.
How to get in touch with Wyo Support:
Call, write, or fill in the webform at WyoSupport.com
307-SUPPORT (787-7678) or 307-421-5705
Email: TheTeam@wyosupport.com
Facebook: Wyo Support LLC | Cheyenne WY
Linkedin: Wyo Support | LinkedIn
Instagram: instagram.com/wyosupport
YouTube: youtube.com/@wyosupport8077
1 post - 1 participant
The post Introducing Wyo Support – ADAMnetworks LTP appeared first on Security Boulevard.
Why is Cloud Data Security vital for Modern Businesses? Cloud data security has grown to be an inherent part of businesses across various industries today, ranging from financial services and healthcare to travel and DevOps. But, amidst this shift to digital transformation, have you ever considered how secure your data is in the cloud? Let’s […]
The post How to Feel Reassured with Cloud Data Security appeared first on Entro.
The post How to Feel Reassured with Cloud Data Security appeared first on Security Boulevard.
Are Your Non-Human Identities Secure? Where interactions between software, applications, and API components are crucial for seamless processes, Non-Human Identifies (NHIs) and their security cannot be overlooked. NHIs are machine identities that perform sessions, transactions, and process automation. But, are they well-protected against potential security threats? Understanding the Criticality of NHI Security Expanding digital, coupled […]
The post How Safe Are Your Non-Human Identities? appeared first on Entro.
The post How Safe Are Your Non-Human Identities? appeared first on Security Boulevard.
Author/Presenter: Fabricio Bortoluzzi
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.
The post BSidesLV24 – Breaking Ground – Insights On Using A Cloud Telescope To Observe Internet-Wide Botnet Propagation Activity appeared first on Security Boulevard.
The post The Hidden Risks in AI Training Data—And How to Eliminate Them appeared first on Votiro.
The post The Hidden Risks in AI Training Data—And How to Eliminate Them appeared first on Security Boulevard.
The recent ransomware breach tied to ICICI Bank—claimed by the LockBit group—has raised fresh concerns about the fragility of digital ecosystems and third-party risk. While official confirmations remain limited, leaked files and dark web chatter suggest that attackers accessed systems through a vendor relationship and exfiltrated over 3 TB of sensitive data, including customer records
The post ICICI Bank Ransomware Breach: A Stark Reminder of Supply Chain Risk and the Need for Real-Time Cyber Vigilance appeared first on Seceon Inc.
The post ICICI Bank Ransomware Breach: A Stark Reminder of Supply Chain Risk and the Need for Real-Time Cyber Vigilance appeared first on Security Boulevard.
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat—one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and moving
The post The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime appeared first on Seceon Inc.
The post The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime appeared first on Security Boulevard.
What began as a trickle of spammy messages has evolved into a sophisticated and dangerous phishing campaign. The Smishing Triad, an active cybercriminal group, is behind a surge of SMS-based phishing attacks (smishing) targeting organizations across sectors—from healthcare to logistics to finance. Their focus? Gaining access to internal portals and enterprise email accounts by exploiting
The post The Smishing Triad Surge: Text-Based Threats Are Getting Smarter, Not Simpler appeared first on Seceon Inc.
The post The Smishing Triad Surge: Text-Based Threats Are Getting Smarter, Not Simpler appeared first on Security Boulevard.
The recent Salt Typhoon breach targeting telecom infrastructure isn’t just another headline—it’s a warning shot to every service provider that uptime and connectivity aren’t enough. This sophisticated campaign, attributed to Chinese state-sponsored actors, illustrates how telecom networks are now being leveraged not just for disruption but for surveillance, espionage, and long-term data access. What makes
The post The Salt Typhoon Telecom Breach: When Network Access Becomes National Exposure appeared first on Seceon Inc.
The post The Salt Typhoon Telecom Breach: When Network Access Becomes National Exposure appeared first on Security Boulevard.
The cybersecurity industry has been conspicuously quiet after President Trump targeted ex-CISA director Chris Krebs and SentinelOne for retribution. However, some voices have risen above the silence to urge support and the need for public pushback.
The post Public Support Emerges for Chris Krebs, SentinelOne After Trump Memo appeared first on Security Boulevard.
We asked an AI agent to analyze the latest shift in U.S. cybersecurity policy, comparing past strategies under Biden to the new 2025 Trump Executive Order. The result? A surprisingly structured analysis that maps out the core philosophical and operational differences, from federal-led resilience to localized risk ownership. But this raises a more provocative question: […]
The post Trump vs. Biden Cyber Strategy — According to AI appeared first on VERITI.
The post Trump vs. Biden Cyber Strategy — According to AI appeared first on Security Boulevard.
Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques The API attack surface is growing—and adversaries know it. Moving to the cloud, DevOps, and application modernization all lead to the proliferation of APIs. Resulting shadow APIs, deprecated endpoints, undocumented integrations, and increasing use of AI provide ideal entry points for attackers. Securing APIs starts […]
The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Cequence Security.
The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Security Boulevard.
If you’ve followed Part 1 and Part 2 of this series, you already know one of the biggest takeaways from our inbox-level research: Credential phishing is consistently one of the most-missed types of attacks.
The post SEGs and Credential Phishing (Part 3) appeared first on Security Boulevard.
