In a recent SC Media webcast, host Adrian Sanabria spoke with HD Moore, CEO and Founder at runZero, and his Vice President of Security Research, Tod Beardsley, about emerging practices and technologies reshaping vulnerability management, including continuous exposure assessment, smarter aggregation, and attacker-informed prioritization. This article captures the key takeaways.
Intel's Software Guard Extensions and Trust Domain Extensions, as well as AMD's Secure Encrypted Virtualization with Secure Nested Paging, which are DDR5 CPUs' trusted execution environments, could expose secrets through the new TEE.Fail side-channel attack, reports The Hacker News.
Malicious actors have escalated intrusions exploiting the critical untrusted data flaw in Windows Server Update Service, tracked as CVE-2025-59287, following the release of a proof-of-concept flaw last week, Cybersecurity Dive reports.
BleepingComputer reports that QNAP has urged users to patch a critical ASP.NET Core vulnerability tracked as CVE-2025-55315, which also affects its NetBak PC Agent software for Windows.
