Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2025 is out!

It includes the following and much more:

➝ Alleged Co-Founder of #Garantex Arrested in India;

➝ X Suffered a #DDoS Attack;

➝ Microsoft #PatchTuesday Fixes 7 Zero-days;

➝ UK Hospital Discovered 5,000 to 10,000 Unknown Devices Connected to its Network;

➝ #NVIDIA Chips Smugglers Granted Bail in Singapore;

➝ #Tenable tested #DeepSeek's Ability to Generate #Malware;

➝ #OpenAI labelling DeepSeek as "state-controlled";

➝ New #Jailbreak Method called Context Compliance Attack (CCA) Works Against Most #AI Models

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/template-infosec-mashup-xx-2025-7eb9e43f2aebd47f?utm_source=beehiiv&utm_medium=mastodon

Latest issue of my curated #cybersecurity and #infosec list of resources for week #31/2023 is out! It includes the following and much more:

➝ Researchers Uncover New High-Severity #Vulnerability in #PaperCut Software
➝ #Israel cybersecurity agency says no breach after senior official self-infects home PC with #malware
➝ CISA’s strategic plan adheres to overall Biden administration direction on cybersecurity
➝ Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t #patching
➝ Hacking tool #FlipperZero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid
➝ Hundreds of #Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
➝ ️ Researchers jailbreak a #Tesla to get free in-car feature upgrades
➝ Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
➝ Russian hackers target govt orgs in #Microsoft Teams #phishing attacks
➝ #Rapid7 found a bypass for the recently patched actively exploited #Ivanti EPMM bug
➝ #Tenable CEO accuses Microsoft of negligence in addressing security flaw
➝ Hackers exploited #Salesforce zero-day in #Facebook phishing attack
➝ US internet hosting company appears to facilitate global #cybercrime, researchers say
➝ #China's #APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
➝ Schools Are Now the Leading Target for Cyber Gangs as Ransom Payments Encourage Attacks
➝ Possible Chinese Malware in US Systems - a ‘Ticking Time Bomb’
➝ Cybercriminals Renting #WikiLoader to Target Italian Organizations with Banking Trojan
➝ Microsoft downplays damaging report on Chinese hacking its own engineers vetted
➝ #Jordan adopts cybercrime law seen as threat to #freespeech
➝ Hacker Claims to Have Stolen Sensitive Medical Records from #Egypt's Ministry of Health
➝ #BankCard USA surrenders and pays #ransom

This week's recommended reading is: "Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities" by Mark Dowd, John McDonald, and Justin Schuh

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-312023

OK so Tenable no longer has a HIPAA compliance scan template. Is there an alternative that auditors/pentesters are using? Maybe a custom template?

Does anyone know of any vulnerability management tool that actually allows you to generate your own CVSS? To the best of my knowledge neither Rapid7 nor Tenable do this. CVSS, while problematic, does contain scoring for Temporal and Environmental, but I haven't seen a product that lets you actually input your own meta data to adjust the score for your business.