CVE
5 articles with this tag
Equifax breach (2017) — how an unpatched Apache Struts flaw leaked 147M people
The cause was a known, already-patched CVE (CVSS 10.0) left unapplied on a public system. An expired monitoring certificate hid the exfiltration for 76 days. In your environment: asset inventory, a patch SLA, machine monitoring, and healthy detection.
What is a CVE — the shared 'jersey number' for vulnerabilities
A CVE is a globally shared ID for a vulnerability (e.g. CVE-2025-12345). CVE = the name, CVSS = severity, KEV = is it exploited. It's the anchor for monitoring. Track it with machines, not by hand.
Running Next.js safely: not falling behind on published CVEs
The top framework risk is neglected published CVEs. Defend with four pillars: judge by the running version, monitor with Dependabot/osv-scanner, update fast, and run least-privilege. ITD's view: indie devs lose not on knowledge but on operational continuity — win with a system that doesn't miss, not with speed.
Log4Shell (CVE-2021-44228) — the night the world feared a bug it couldn't even confirm it had
Log4j's CVSS 10.0 bug. The real fear was the transitive dependency — being affected through a library you didn't know you used. A passive logging path became an attack vector. SBOM, machine monitoring, fast patching, and following the follow-up CVEs are the lessons.
What is RCE (Remote Code Execution) — why it's the worst class of bug
RCE lets an attacker run arbitrary code on your server — straight to takeover, the worst class. The blast radius is set by the running process's privileges. The core defenses are fast patching, CVE monitoring, and least privilege.