The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.
As of Tuesday, the full-fledged version of the website is up and running.
"The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it," ENISA Executive Director Juhan Lepassaar said in a statement announcing the EUVD.
"The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures," Lepassaar continued.
The European Union Agency for Cybersecurity (ENISA) first announced the project in June 2024 under a mandate from the EU's Network and Information Security 2 Directive, and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.
Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative.
In September and October 2024, Ivanti published multiple1 security2 advisories3 regarding security policy bypasses and remote code execution vulnerabilities in their Cloud Services Appliance (CSA) product. It was later revealed by FortiGuard Labs Threat Research's work4 that some threat actors had been actively chaining these vulnerabilities as early as September 9, 2024, before any security advisory or patch was publicly released by Ivanti.
In some compromise scenarios, even though the initial access stemmed from the exploitation of zero-day vulnerabilities, later stages were short of such proficient attacker tradecraft. Threat actors were seen using known malicious tools and noisy payloads for lateral movement, persistence and credential dumping.
Synacktiv's CSIRT was recently in charge of different forensic investigations where the root cause was a vulnerable CSA appliance exposed to the internet. During these engagements, we found a set of open-source tools used by the attacker to achieve its goals. In this article, we take a tour of the OSS toolset from an Ivanti CSA exploiter and discuss related detection capabilities.
In April 2024, I discovered a high-severity vulnerability in Visual Studio Code (VS Code <= 1.89.1) that allows attackers to escalate a Cross-Site Scripting (XSS) bug into full Remote Code Execution (RCE)—even in Restricted Mode.
The desktop version of Visual Studio Code runs on Electron. Renderer processes are sandboxed and communicate with the main process through Electron’s IPC mechanism.
An XSS vulnerability in the newly-introduced minimal error rendering mode for Jupyter notebooks enables arbitrary JavaScript code to be executed within the vscode-app WebView for the notebook renderer. The vulnerability can be triggered by opening a crafted .ipynb file if the user has the setting enabled, or by opening a folder containing a crafted settings.json file in VS Code and opening a malicious ipynb file within the folder. This vulnerability can be triggered even when Restricted Mode is enabled (which is the default for workspaces that have not been explicitly trusted by the user).
In this post, we’ll walk through how the bug works and how it bypasses VS Code’s Restricted Mode.
Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker. We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.
What happened
Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up. We said no.
What they got
Name, address, phone, and email
Masked Social Security (last 4 digits only)
Masked bank‑account numbers and some bank account identifiers
Government‑ID images (e.g., driver’s license, passport)
Account data (balance snapshots and transaction history)
Limited corporate data (including documents, training material, and communications available to support agents)
La cybersecurity in Vaticano è un problema serio. La Chiesa cattolica ha duemila anni, il world wide web poco più di trenta, ma entrambi sono innegabilmente stati in grado di cambiare il mondo. Che, a dispetto delle buone intenzioni, resta un posto pericoloso.
Quello virtuale non fa eccezione. Diversi gruppi di attivisti e ricercatori sollecitano da anni il papa affinché si prenda cura degli affari digitali. Perché lo Stato più piccolo del mondo – grande come un paio di quartieri di Roma – è anche agli ultimi posti della classifica del Global cybersecurity index. “Nelle ultime tre posizioni, per la precisione, a fianco dello Yemen e di Timor Est”. A parlare con Wired collegato da Amsterdam è Joe Shenouda, ingegnere informatico dei Paesi Bassi. Shenouda riflette da anni sulla situazione. Soprattutto da quando, nel 2020, all'inizio della pandemia, gli asset digitali della Santa Sede furono attaccati con una perdita di dati senza precedenti. Ai tempi si sospettò della Cina. Da allora, racconta, dice, le minacce sono aumentate.
Così nel 2022 il professionista, che oggi lavora come ciso (chief information security officer) indipendente dopo un passato in alcune società di consulenza, ha messo in piedi, partendo da un post su Linkedin, una rete di volontari che si sono fatti carico di un aspetto poco considerato Oltretevere: la sicurezza informatica. Perché il Vaticano, a dispetto delle dimensioni, è un gigante nella diplomazia. Un colosso delle relazioni internazionali che dispone di una rete capillare di informatori e, soprattutto, di informazioni di prima mano su questioni complesse a livello globale. Per non parlare degli asset economici, inclusi i conti correnti, su cui transitano fiumi di denaro provenienti da donazioni e affitti. Per quanto sia lecito presumere che l’informatizzazione di una realtà estremamente legata alla tradizionale e lenta nei mutamenti non sia così pronunciata come altrove, la strada – per tutti - è inevitabilmente segnata.
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration.
As the company highlighted in a security advisory released today, organizations that followed its guidance are less exposed to attacks.
"Customers who have followed Ivanti's guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment," Ivanti said.
"Customers who have users log into the solution from outside their company network also have a reduced risk to their environment if they ensure that the solution is configured with a DMZ."
Ivanti added that CVE-2025-22462 only impacts on-premises instances running versions 2023.4, 2024.2, 2024.3, and earlier, and said that it found no evidence that the vulnerability is being exploited to target customers.
Product Name Affected Version(s) Resolved Version(s)
Ivanti Neurons for ITSM (on-prem only) 2023.4, 2024.2, and 2024.3 2023.4 May 2025 Security Patch
2024.2 May 2025 Security Patch
2024.3 May 2025 Security Patch
The company also urged customers today to patch a default credentials security flaw (CVE-2025-22460) in its Cloud Services Appliance (CSA) that can let local authenticated attackers escalate privileges on vulnerable systems.
While this vulnerability isn't exploited in the wild either, Ivanti warned that the patch won't be applied correctly after installing today's security updates and asked admins to reinstall from scratch or use these mitigation steps to ensure their network is protected from potential attacks.
