Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Stay informed on the latest in security disclosure practices. Keep your data safe with insights and updates on the newest disclosure trends in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Disclosure in information security means sharing details about vulnerabilities, breaches, or security incidents. This can be done privately with affected parties, coordinated to allow fixes before public release, or fully public, sometimes before patches exist. The method chosen affects how quickly risks are mitigated and how much attackers might exploit the information.
Proper disclosure helps organizations prioritize patching and reduces the window attackers have to exploit flaws. Poorly timed or incomplete disclosure can expose systems to increased risk, while transparent, coordinated disclosure supports effective vulnerability management and trust between researchers and defenders. Understanding disclosure practices is essential for assessing the urgency and reliability of security news.
Weekly headline count for the current query.
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
March Patch Tuesday sees Microsoft release updates for 79 flaws
Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation
This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed
VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations
Flaws in Windows Graphics Device Interface (GDI) have been identified that allow remote code execution and information disclosure
The Coldriver hacking group reportedly shifted its operation quickly after the May 2025 public disclosure of its LostKeys malware
Boyd Gaming Corporation has disclosed that an unauthorized actor removed data from its systems, including information about employees and other individuals
Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zero-days in its latest Patch Tuesday release
The UK National Cyber Security Centre thinks public disclosure programs could help mitigate AI safety threats
Recorded Future highlighted the vast capabilities of state actors to rapidly weaponize newly disclosed vulnerabilities for geopolitical purposes
Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report
Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching
32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day
BlackFog found that publicly disclosed ransomware attacks on retail grew significantly in Q2 compared to Q1, with UK firms heavily targeted
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers