The Vulnerabulletin Issue #4

Dann Moore
Marketing Coordinator

Key Points

Welcome to issue #4 of The Vulnerabulletin - your monthly dose of cyber industry insights, research from our in-house security team, and product news from Intruder.

This month, we’re hunting "Ghost CVEs" - those elusive vulnerabilities that are real and documented, yet invisible to standard databases. Our Head of Security, Dan Andrew, explains why waiting for the NVD means you're already behind the curve. We then dive into the importance of Container Registry Security, and how to ensure your images are as secure as your code. Plus, don't miss our CTO Patrick's conversation with Zach Rattner, CTO & Co-Founder at Yembo, in which they discuss why treating security as a checkbox is a missed opportunity for growth. We’ll wrap up with the latest industry headlines and memes currently making waves in our Slack channels.

Ghost CVEs - the phantom menace 👻

If you're only monitoring the National Vulnerability Database (NVD), you're relying on a lagging indicator. "Ghost CVEs" are vulnerabilities that are publicly disclosed - and often already being exploited - hours or even days before they ever hit the official records.

Our Head of Security Dan Andrew explains how we track these vulnerabilities that appear in GitHub commits and security advisories before they reach NVD, to ensure we move fast for our customers.

What's your Container Registry Security Strategy? 🔒

Container registries are a critical attack surface - but many teams treat them like simple storage. By pulling directly from public repos, you're risking availability issues, supply chain blind spots, and vulnerabilities reaching production.

Intruder’s Senior DevOps Engineer Manuel Morejón breaks down a practical 3-tiered strategy to secure your container registries without adding complexity.

Plus: get a first look at our upcoming automated container image vulnerability scanning release.

How CTOs turn security into a daily habit 🗒️

Most companies treat security like a final exam - scanning at the last minute and hoping for a passing grade. Yembo CTO & Co-Founder Zach Rattner invited our very own CTO Patrick Craston to discuss why security should be more like brushing your teeth: a simple, daily habit that prevents painful operations later.

Watch them share advice on how to make security accessible for your entire team, and explore the impact AI is having on the landscape.

The Vulnerabulletin Board 📌

What our security team has been reading (and meme-ing) this month...

👥 Therapy patients' notes leaked for ransom (BBC) - the distressing tale of how a patient database hack exposed thousands of intimate therapy details on the dark web.

🦀 Lessons to be learned from OpenClaw (1Password) - a deep dive into both the predictable and shocking problems raised by OpenClaw, and best practices to protect your machines.

⚠️ Ivanti: Another Day, Another Pre-Auth RCE (Intruder) - Two new critical vulns have been identified in Ivanti Endpoint Manager Mobile; we share a breakdown of the threat, and what you should do to remediate.

What's new in Intruder 💡

🚦 Cyber hygiene scores better reflect real risk - Cyber Hygiene Scores now incorporate likelihood of exploitation alongside severity to create a more realistic view of risk and help you focus on the vulnerabilities that matter.

🔔 Custom Slack and Teams notifications - New customizable controls match the flexibility already available for email. You can now decide which alerts you want to receive via Slack and Teams to ensure focused and relevant comms.
