StateTech Magazine

A Guide to Software Bills of Materials for State and Local Governments

Government agencies use SBOMs to expose hidden risks, govern artificial intelligence tools and speed response to software vulnerabilities.
CSO Online

WatchGuard fixes ‘critical’ zero-day allowing firewall takeover

Because it was under attack before a patch was made available by WatchGuard on December 18, this makes CVE-2025-14733 a bona ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Security Boulevard

Microsoft Expands its Bug Bounty Program to Include Third-Party Code

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover ...
Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
Developer Tech

Log4j downloads shows supply chain wake-up call ignored

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn’t the wake-up call it should have been. Back in December 2021, the “internet on fire” headlines weren’t hyperbole. Security ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
aha.org

NIST says critical vulnerability found in 7-Zip archiving software

A critical vulnerability has been identified in 7-Zip, a free software program used for archiving data, according to the National Institute of Standards and Technology. The flaw allows cyber actors to ...
cryptopolitan

Tokens based on the x402 standard may hide a critical vulnerability

x402 tokens were presented as a decentralized solution, but they may hold a centralized vulnerability due to their reliance on facilitators. Facilitators can see, track, or censor some of the ...
CSOonline

Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

Only days after Fortinet was criticized by researchers for ‘silently’ patching a zero-day vulnerability without informing its customers, it has emerged that it did the same for a second zero-day that ...
thecyberexpress

IBM AIX Hit by Three Critical Vulnerabilities, One a Perfect 10. Patch Now!

Vulnerabilities in the IBM AIX operating system for Power servers could allow remote attackers to execute arbitrary commands, obtain Network Installation Manager (NIM) private keys, or traverse ...