
Enterprise Vulnerability Management: Why Ethical Hacking Alone Is Not Enough

A penetration test finds vulnerabilities. Enterprise Vulnerability Management (EVM) ensures they are remediated, tracked, re-tested, and reported to regulators — continuously. Here is the operational difference, and why regulated enterprises need both.

HorizonShield SOC Team
January 18, 2026

The Limitation of a Point-in-Time Pen Test

A penetration test is a snapshot. It tells you what was vulnerable on the day the test ran. Three weeks later, a new CVE drops, a developer deploys a misconfigured service, or a vendor updates their API — and your attack surface has changed. A pen test report sitting in a folder does not protect you from what changed after the test.

Enterprise Vulnerability Management is the continuous discipline that fills this gap: perpetual scanning, risk-based prioritisation, remediation tracking, and closed-loop re-testing.

The EVM Lifecycle

  1. Asset Discovery: You cannot patch what you do not know exists. EVM starts with a complete, continuously updated asset inventory — including cloud workloads, containers, and third-party APIs.
  2. Vulnerability Scanning: Authenticated scans (not just network-level) across all assets, at minimum weekly for internet-facing systems and monthly for internal infrastructure.
  3. Risk-Based Prioritisation: Not all CVEs are equal. CVSS alone is a poor prioritisation tool — a CVSS 9.8 with no exploit in the wild is less urgent than a CVSS 7.2 being actively exploited against your sector. EVM uses threat intelligence to contextualise severity.
  4. Remediation Tracking: Assigned ownership, SLA-based deadlines (critical: 24–48 hours; high: 7 days; medium: 30 days), and escalation for missed SLAs.
  5. Re-Testing: Verification that patches actually closed the vulnerability — not just that a ticket was closed.
  6. Reporting: Regulatory-ready reports for DORA, FFIEC, and SOX ITGC — showing control effectiveness over time, not just a current state snapshot.
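The following is an added example, not HorizonShield's tooling or code from the original article. It implements steps 3 to 6 of the lifecycle above as a small tracker: findings are ranked with active exploitation outranking raw CVSS, SLA deadlines follow the figures given above (critical 48 hours, high 7 days, medium 30 days; the 90-day low-severity SLA, the CVSS v3 qualitative severity bands, the `Finding` fields and all sample findings are assumptions constructed for the example), a ticket counts as closed only once re-testing has confirmed the fix, and a summary gives the per-status counts a regulatory report would roll up over time.

```python
"""Minimal EVM tracker (added example; not HorizonShield's code).

Demonstrates risk-based prioritisation, SLA-based remediation tracking,
closed-loop re-testing and status reporting on constructed findings.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# SLA windows from the article; the 90-day window for "low" is an assumption.
SLA = {
    "critical": timedelta(hours=48),
    "high": timedelta(days=7),
    "medium": timedelta(days=30),
    "low": timedelta(days=90),
}


def severity(cvss: float) -> str:
    """Map a CVSS v3 base score onto its qualitative band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


@dataclass
class Finding:
    fid: str                    # hypothetical tracker id
    asset: str                  # from the asset inventory (step 1)
    cvss: float
    exploited_in_wild: bool     # threat-intel context (step 3)
    discovered: datetime
    owner: str                  # assigned ownership (step 4)
    ticket_closed: bool = False
    retest_passed: bool = False  # closed-loop verification (step 5)

    @property
    def sev(self) -> str:
        return severity(self.cvss)

    @property
    def deadline(self) -> datetime:
        return self.discovered + SLA[self.sev]

    def status(self, now: datetime) -> str:
        # A closed ticket is not a fixed vulnerability until re-test passes.
        if self.retest_passed:
            return "verified"
        if self.ticket_closed:
            return "awaiting_retest"
        return "overdue" if now > self.deadline else "open"


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Unverified findings, exploited-in-the-wild first, then by CVSS descending.

    An actively exploited CVSS 7.2 therefore ranks above an unexploited 9.8.
    """
    pending = [f for f in findings if not f.retest_passed]
    return sorted(pending, key=lambda f: (not f.exploited_in_wild, -f.cvss))


def escalations(findings: list[Finding], now: datetime) -> list[str]:
    """Ids of findings that have missed their SLA and need escalation."""
    return [f.fid for f in findings if f.status(now) == "overdue"]


def summary(findings: list[Finding], now: datetime) -> dict[str, int]:
    """Per-status counts: the building block of a control-effectiveness report."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.status(now)] = counts.get(f.status(now), 0) + 1
    return counts


# Constructed sample data (assumption): a fixed "now" keeps the example deterministic.
NOW = datetime(2026, 1, 18, 12, 0, tzinfo=timezone.utc)
FINDINGS = [
    Finding("F-1", "web-01", 9.8, False, NOW - timedelta(hours=20), "platform"),
    Finding("F-2", "api-gw", 7.2, True, NOW - timedelta(days=9), "appsec"),
    Finding("F-3", "db-02", 5.5, False, NOW - timedelta(days=10), "dba",
            ticket_closed=True),
    Finding("F-4", "vpn-01", 9.1, True, NOW - timedelta(days=3), "netops",
            ticket_closed=True, retest_passed=True),
]

if __name__ == "__main__":
    for f in prioritise(FINDINGS):
        print(f"{f.fid} {f.asset} cvss={f.cvss} {f.sev} exploited={f.exploited_in_wild}")
    print("escalate:", escalations(FINDINGS, NOW))
    print("report:", summary(FINDINGS, NOW))
```

Running the script lists F-2 (exploited, CVSS 7.2) ahead of F-1 (unexploited, CVSS 9.8), flags F-2 for escalation because its 7-day high-severity SLA lapsed, and keeps F-3 in `awaiting_retest` even though its ticket is closed, which is the distinction step 5 insists on.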

EVM in Financial Services: The Regulatory Dimension

DORA Article 9 requires financial entities to implement patch and update management as part of ICT security. FFIEC examiners expect documented vulnerability management programmes with evidence of SLA compliance. SOX ITGC requires controls over change management that intersect with patching processes.

HorizonShield's EVM programme delivers all three: continuous scanning, risk-based prioritisation, and regulatory-ready reporting — operated by our SOC team so your internal team can focus on remediation rather than programme management.

HorizonShield Security Team

Cybersecurity expert at HorizonShield, specializing in threat intelligence, incident response, and enterprise security architecture.