VulnCheck now provides an automated approach to providing broader visibility into differences between VulnCheck KEV and CISA KEV through a Jupyter Notebook publicly available on GitHub.
VulnCheck discovers evidence that ProjectSend has been exploited in the wild and assigns CVE-2024-11680
In September, VulnCheck identified evidence of 78 CVEs that were publicly disclosed for the first time as exploited in the wild.
A newly disclosed vulnerability, CVE-2024-9441, affects the Linear Emerge E3 series. The vulnerability has not yet been patched by the vendor, and exploits are already circulating, raising concerns of imminent exploitation.
Last week, Five Eyes agencies issued a Joint Cybersecurity Advisory titled, “People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations” which we explore in this blog post.
During June, July, and August, we captured exploitation evidence for 158 vulnerabilities, with initial evidence emerging within this period for the first time. The evidence was collected from over 35 different sources.
To help security practitioners prioritize vulnerabilities using exploit evidence, we've outlined why weaponized vulnerabilities should be prioritized by mapping Metasploit modules and VulnCheck Known Exploited Vulnerabilities.
In May, VulnCheck identified evidence of 103 CVEs that were publicly disclosed for the first time as exploited in the wild, marking a 90.7% increase over April.
VulnCheck scanned the internet for implanted Cisco IOS XE systems and found thousands of results.
VulnCheck provides additional insight into CISA's 2022 Top Routinely Exploited Vulnerabilities by looking at the availability of exploits and examining which threat actors, botnets, and ransomware crews used the vulnerabilities.
VulnCheck analyzes four CVEs that impact SolarView, a solar power monitoring system. We discover the number of internet-facing systems and the likelihood of exploitation in the wild.
A review of the vulnerabilities that should have been added to the CISA KEV Catalog in 2022, but weren't.
A review of the vulnerabilities added to the CISA KEV Catalog in 2022. VulnCheck examines which vulnerabilities were added in 2022, who exploited them, and how long it took to add them to the Catalog.
An examination of vulnerabilities affecting Xiongmai IoT devices, including exploit development and an analysis of exploitation in the wild.
The CISA Known Exploited Vulnerabilities (KEV) Catalog tracks vulnerabilities that have been exploited in the wild, and it currently has more than 800 entries.