Cyentia Cybersecurity Research Library

Vuln Management

Below you will find reports with the tag of “Vuln Management”

Mass Internet Exploitation Report 2025

The GreyNoise 2025 Mass Internet Exploitation Report provides security leaders, SOC analysts, vulnerability managers, and threat intelligence teams with actionable insights. Attackers are industrializing reconnaissance and exploitation. Security teams must adapt. This report provides the intelligence needed to prioritize, respond, and defend against the next wave of mass exploitation.

Added: February 28, 2025

Scanning the Horizon: How broadening our use of cybersecurity data can help users

This is the first published study in this field to include SPoF (Single Point of Failure) data, which highlights the dependencies a company has on third-party systems and services. This paper represents a snapshot of our ongoing work exploring what is a deep and highly complex dataset.

Added: December 11, 2024

Scanning the Horizon: How broadening our use of cybersecurity data can help insurers

At Gallagher Re, we have been exploring this data’s vast potential for several years. This research has informed the development of a suite of proprietary tools and services aimed at supporting the (re)insurance community in realising the potential of cyber data to enhance underwriting and portfolio monitoring. Principal among these is TIDE, our portfolio quality and benchmarking tool.

Added: October 24, 2024

2023 Microsoft Vulnerabilities Report

This 10-year anniversary edition of the report dissects the 2022 Microsoft vulnerabilities data and highlights some of the key shifts since the inaugural report. This report will spotlight some of the most significant CVEs of 2022, break down how they are leveraged by attackers, and explain how they can be prevented or mitigated. The way Microsoft classifies the severity rating for a vulnerability is distinct from the likelihood of exploitation.

Added: October 15, 2024

2022 Microsoft Vulnerabilities Report

The report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk. In this report, we will examine how these vulnerability trends, along with cloud security adoption, collectively influence how we should think about cybersecurity and risk management in 2022 and beyond.

Added: October 15, 2024

Microsoft Vulnerabilities Report 2021

In its 8th year, the Microsoft Vulnerabilities Report has proven to be a valuable asset for many organizations who wish to gain a holistic understanding of the evolving threat landscape. The report provides a 12-month, consolidated view and analysis of Microsoft Patch Tuesdays, as well as exclusive insights from some of the world’s top cybersecurity experts. This analysis not only reveals evolving vulnerability trends, but also identifies the Critical vulnerabilities that could be mitigated if admin rights were removed.

Added: October 15, 2024

2024 Microsoft Vulnerabilities Report

The Microsoft Vulnerabilities Report has garnered over 16,000 downloads and helped thousands of users leverage its detailed data analysis and expert findings to improve their cyber defenses. This year’s edition of the report not only dissects the 2023 Microsoft vulnerabilities data, but also assesses how these vulnerabilities are being leveraged in identity-based attacks. The report also spotlights some of the most significant CVEs of 2023, breaks down how they are leveraged by attackers, and explains how they can be mitigated.

Added: October 15, 2024

The True Cost of CVE Management in Containers

Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

Added: September 24, 2024

SANS Application & API Security Survey 2024

In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

Added: August 10, 2024

State of Enterprise Cyber Risk in the Age of AI

This report provides insights into the current state of enterprise cyber risk and the role of AI in it. AI is revolutionizing business and has the potential to significantly improve cybersecurity outcomes. Many already have plans to use integrated AI in cyber tools, especially for inferencing, data analysis, and GenAI conversational systems.

Added: July 23, 2024

Industrial Cybersecurity Outlook 2023-2030

The primary goal of OT Security Leaders is to ensure that the risk of a cyber incident impacting the Reliability, Availability and Safety of operations is minimised. This requires identification and management of vulnerabilities, and a layer of controls to prevent threat actors from accessing networks. The logical starting point is to identify and classify all assets, though this is rarely a simple task.

Added: July 12, 2024

GreyNoise 2022 Mass Exploitation Report

The purpose of this report is to show you the hours saved, the data aggregated, and the research methodologies laid bare. You’ll find several sections covering some of the bigger mass exploitations of 2022, also known as celebrity vulnerabilities.

Added: June 5, 2024

The 2022 Attack Resistance Report

Several trends in the way we work and consume technology have resulted in an ever-expanding cyberattack surface for organizations of all sizes. Comprehensive digital transformation across enterprises, the rise in cloud adoption, the normalization of working from anywhere, and Internet of Things (IoT) initiatives have resulted in an explosion of new applications, along with an increased rate of iterations and updates.

Added: May 31, 2024

The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2022

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

Added: May 29, 2024

CISA KEV Catalog: Prevalence and Remediation

CISA created the KEV catalog in part because of challenges that organizations have historically faced in prioritizing vulnerabilities. In any given year, there are tens of thousands of new vulnerabilities. But according to CISA, a study of historical vulnerability data dating back to 2019 shows that less than 4% of all known vulnerabilities were being used by attackers in the wild.

Added: May 3, 2024

The 2024 Vulnerability Statistics Report

The 9th edition of the Edgescan Vulnerability Stats Report 2024. This report demonstrates the state of full stack security based on thousands of security assessments and penetration tests on millions of assets that were performed globally from the Edgescan Cybersecurity Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds of organizations across a wide range of industries – from the Fortune 500 to medium and small businesses. The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively.

Added: April 8, 2024

State of the Cybersecurity Attack Surface - October 2023

In our third State of the Cybersecurity Attack Surface report, we continue to see enterprises struggle with many of the same issues they’ve been grappling with—they are blind to IT assets missing endpoint protection, patch management, and, as we now include in this report, vulnerability management. “Stale” IT assets continue to proliferate across corporate networks. Organizations are unnecessarily paying for unused licenses while facing budget cuts and economic challenges.

Added: April 6, 2024

The Future of Application Security 2024

The third annual Future of Application Security survey reveals how key stakeholders are responding to this challenge. We surveyed 1504 developers, CISOs, and AppSec managers from a broad range of industries across the US, Europe, and Asia-Pacific regions. The responsibility has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

Added: March 5, 2024

2024 Open Source Security and Risk Analysis Report

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

Added: March 5, 2024

2024 State of IT Operations Report

In this year’s report, 500 U.S.-based ITOps professionals express how automation increases their IT agility – reducing costs and enhancing endpoint management capabilities. The report also reveals that less than half (44%) of organizations have high ITOps agility, with the most agile showing mature uses of AI and workflow automation tools.

Added: February 22, 2024

Cyber Threat Index 2024

In this report, Coalition Security Labs’ dedicated security research team dives into data derived from Coalition’s extensive threat collection technologies and provides critical information to help security professionals, brokers, and businesses navigate the current cyber risk landscape. Readers will gain insights into how to prioritize vulnerabilities, understand which technologies threat actors are targeting, and compare cyber hygiene across industries.

Added: February 22, 2024
© Cyentia Institute 2025
Library updated: June 21, 2025 04:08 UTC (build b1d7be4)