
Ryan Naraine
Editor at Large at SecurityWeek
Publisher at Security Conversations
🎧 Podcast: https://t.co/ZGEyqy1JhI ✍🏼 Writing: @securityweek 🗣️ Conference: @labscon_io
Articles
- 1 week ago | securityweek.com | Ryan Naraine
Chris Krebs has resigned as SentinelOne’s Chief Intelligence and Public Policy Officer less than a week after the revocation of his security clearance and a presidential order to review CISA’s conduct under his leadership. Krebs, who doubled as President of PinnacleOne, SentinelOne’s strategic advisory group, said the resignation is effective immediately. “I want to be clear: this is my decision, and mine alone,” Krebs said in a goodbye note to SentinelOne staff.
- 1 week ago | securityweek.com | Ryan Naraine
Apple on Wednesday shipped out‑of‑band operating system updates to fix a pair of security bugs the company says were already exploited in “extremely sophisticated” attacks against a small number of iOS targets. The vulnerabilities, tagged as CVE-2025-31200 and CVE-2025-31201, are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
- 1 week ago | securityweek.com | Ryan Naraine
The US government’s cybersecurity agency CISA says there will be no lapse in critical CVE services provided by the MITRE Corporation. Just hours after the MITRE Corporation warned that the expiration of federal funding for the CVE Program would cause major disruptions, CISA announced it has “executed the option period on the contract” to keep the vulnerability catalog operational. “The CVE Program is invaluable to the cyber community and a priority of CISA.
- 1 week ago | community.opentextcybersecurity.com | Brian Krebs | Ryan Naraine
April 15, 2025 By Brian Krebs A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each year by the Department of Homeland Security — expires on April 16.
- 1 week ago | securityweek.com | Ryan Naraine
Pillar Security, a startup building security controls for enterprise AI deployments, has deposited $9 million in seed funding from Shield Capital. The company, which has roots in Israel, said investors Golden Ventures and Ground Up Ventures also took equity positions. Founded last October by Dor Sarig and Ziv Karliner, Pillar Security has ambitious plans to build technology to address security gaps in AI software.
X (formerly Twitter)
- Followers: 27K
- Tweets: 31K
- DMs Open: No

That kind of adversary knows your product internals better than you.

Moreover, this was not a trivial vulnerability to build an exploit for, as the researchers here show. Even when they had the advantage of knowing the issue was actually practically exploitable. (Which the exploit dev group did not. And Ivanti apparently didn't discern at first.)

RT @arekfurt: It's tempting to see this as just another case of Ivanti junk being abused, but the situation is a lot more noteworthy. The P…

a quick 'three buddy problem' podcast re-up!

NEW POD ALERT! We cover the NSA director firing, Ivanti's latest 0day screw-up, risks from China's robotics dominance, Microsoft AI finding bootloader vulns. @jags.bsky.social @craiu.bsky.social PLUS, rave reviews for Bunnie Huang's Black Hat Asia keynote! 👇