New Search
If you are not happy with the results below please do another search
119 search results for: threat
TÜV Study on Cyber Security: German Companies Still Under Pressure
Companies operate under a “false sense of security,” warn the BSI and TÜV. This may sound surprising given the persistent threats. However, it is backed up by a recent study on cyber security in companies. Many companies underestimate the situation, overestimate their own capabilities, and fail to take sufficient protective measures. These and other findings […]
Greenbone Audits for Compliance with the CIS Windows 11 Enterprise Benchmark”
Microsoft Windows remains the most widely used desktop operating system in enterprise environments – and also one of the most targeted by threat actors. Insecure configurations are a leading source of security breaches [1][2][3], often exploited to gain initial access [TA0001], escalate privileges [TA0004], steal credentials [TA0006], establish persistent access [TA0003], and move laterally within […]
Dwell time: Attackers Are Striking Faster and Disguising Themselves Better
Security experts are observing a worrying trend: the time to exploit (TTE), i.e. the time between a security vulnerability becoming known and being exploited by malicious actors, has been falling dramatically in recent times. At the same time, attackers are becoming increasingly skilled at concealing their presence in a successfully hacked network. Experts refer to […]
Attackers Advance on Two New Ivanti EPMM Flaws
Just last month, CVE-2025-22457 (CVSS 9.8) affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways was recognized as a vector for ransomware. Now, two new CVEs have been added to the growing list of high-risk Ivanti vulnerabilities; CVE-2025-4427 and CVE-2025-4428 affecting Ivanti EPMM (Endpoint and Patch Management Mobile) are under active exploitation. Greenbone includes active […]
Greenbone Reduces the Blast Radius of a Cyber Breach
Cyber attacks, like other types of security incidents, range dramatically in scope and impact. When defenders are prepared, an incident may be contained, damage limited, and recovery swift. When caught unprepared, a single incident may result in days or weeks of downtime, lost revenue, tarnished reputation, regulatory penalties or class action settlements [1][2]. In May […]
Availability of CVE Vulnerability Data in Greenbone Products
Greenbone AG has been consistently committed to an independent and resilient supply chain for the provision of vulnerability data for many years. Against the background of current discussions on the financing and sustainability of the CVE programme of the US organisation MITRE, we would like to inform you about our measures to ensure the continuous […]
CVE-2025-31324: An Actively Exploited Flaw Affecting SAP NetWeaver Visual Composer
CVE-2025-31324 (CVSS 9.8), published on April 24th 2025, allows unauthenticated attackers to upload executable files [CWE-434] via the NetWeaver Visual Composer component which can result in Remote Code Execution (RCE). The CVE presents a high degree of risk; many publicly available proof-of-concept (PoC) exploits [1][2][3][4][5] are available, and active attack campaigns have been alerted by […]
CVE-2025-34028: Commvault Command Center Actively Exploited for RCE
CVE-2025-34028 (CVSS 10) is a maximum severity flaw in Commvault Command Center, a popular admin console for managing IT security services such as data protection and backups across enterprise environments. As of April 28th, CVE-2025-34028 has been flagged as actively exploited. CVE-2025-34028 also presents heightened risk due to the existence of publicly available proof-of-concept (PoC) […]
