
Catalin Cimpanu talks CISA KEV with Patrick Garrity from Nucleus Security
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on how the company has been tapping into CISA’s KEV database for insights on vulnerability management and vulnerability prioritization.

(FIC) Orange - Risk Based Vulnerability Management through Nucleus
During the FIC (International Cybersecurity Forum) conference, Adam Dudley shared how Nucleus Security and Orange Cyberdefense build a foundational asset and vulnerability inventory so you can operationalize vulnerability management at scale.

Chris Hughes Joins The Risky.Biz Pod to Talk Vulnerability Prioritization
In this episode of the Risky.Biz Podcast, Chris Hughes, Co-Founder and CISO of Aquia, discusses his experience using Nucleus for Vulnerability Prioritization and why CVSS is not enough to successfully manage your vulnerability management program.

Introducing GitHub vulnerability management integrations for security professionals
Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started.

CISA Adds ‘High-Severity’ ZK Framework Bug to Vulnerability Catalog
Nucleus’s Ryan Cribelar speaks to SC Media about CVE-2022-36537, which has a CVSS score of 7.5 and was added to the CISA KEV catalog after FOX IT reported that there were hundreds of open-facing ConnectWise R1Soft Server Backup Manager servers exploited in the wild.

Patch Your Windows PC Now to Fix 3 Zero-Day Exploits
Nucleus Security speaks about CVE-2023-23529, a WebKit Remote Code Execution flaw, rolled out in February’s Patch Tuesday.

Two Zero-Days Fixed in Patch Tuesday Can Escalate Privileges to the SYSTEM Level
Ryan Cribelar, vulnerability research engineer at Nucleus, talks with SC Media about two February additions to the CISA KEV catalog that could let attackers escalate privileges to the SYSTEM level.

Tools Alone Won't Solve Your Vuln Management Problems
In this episode of the Risky.Biz Podcast, Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.

ChatGPT in Cybersecurity with Stephen Carter, CEO at Nucleus
Nucleus CEO, Stephen Carter, joins Mike Vizard with Techstrong.tv to talk about the impact that ChatGPT and AI technology might have on the cybersecurity industry, specifically within the world of vulnerability management.

Resilient Cyber Podcast: Challenges of Vulnerability Management
Nucleus CEO, Stephen Carter, discusses the challenges and Complexity of the modern vulnerability management landscape with hosts Chris Hughes and Nikki Robinson.

CISO Tradecraft Podcast: Consolidating Vulnerability Management
Nucleus CISO, Jeff Gouge, discusses the value of consolidating vulnerability management. Jeff expands into the use of vulnerability exploitation data for prioritization and the value of taking a more modern approach to vulnerability management using SSVC (Stakeholder-Specific Vulnerability Categorization).

Stop Trying to Patch Everything and Focus on the Real Organizational Risk
In this post, we chatted with our partners at Orange Cyberdefense about how a risk-based approach to vulnerability management can help businesses where they should focus to repair and fix vulnerabilities.

Unsupervised Learning Podcast feat. Scott Kuffer
In this podcast interview, Scott Kuffer, COO and Co-Founder at Nucleus, has a conversation with about approaching vulnerability management at scale with Daniel Miessler of the Unsupervised Learning podcast.

Avoid Being Blindsided by CISA’s Known Exploited Vulnerabilities List
Dave Farquhar, Solutions Architect at Nucleus, shares three ways to predict items that are likely candidates to make it onto the CISA KEV list.

Nucleus Security CISA KEV Enrichment Dashboard provides insights into vulnerability prioritization
Nucleus Security launches the CISA KEV Enrichment Dashboard, a free tool that enables vulnerability researchers to observe known and exploitable vulnerabili40 ties identified by CISA and layer additional enrichment intelligence onto their vulnerability prioritization.

OpenSSL Releases Fixes for Two ‘High’ Severity Vulnerabilities
Nucleus Security’s Ryan Cribelar cast doubts on the severity of the vulnerabilities CVE-2022-3786 and CVE-2022-3602, which were listed as “high” by OpenSSL in late October 2022.

How Financial Services Can Better Secure Their CI/CD Pipelines
Gil Azaria, Director of APAC Operations at Nucleus Security, shares insights into the challenges that financial services face when securing their CI/CD pipelines, including competing priorities.

Nucleus Security Releases Free CISA KEV Enrichment Dashboard and Research, Providing Further Insight Into Vulnerability Prioritization
Nucleus Security launches the CISA KEV Enrichment Dashboard, a free tool that enables vulnerability researchers to quickly observe known and exploitable vulnerabilities identified by CISA and layer additional enrichment intelligence onto their vulnerability prioritization.

Nucleus Wins 2 CyberScoop 50 Awards
Scott Kuffer and NucleusGov win two awards at the CyberScoop 50 awards – an award that spotlights initiatives, new technologies, or novel approaches that promise to improve how governments, industries or the public at large approach cybersecurity.

Risky Business Episode #679 feat. Steve Carter
In this episode of Risky.Biz, our CEO and Co-Founder Steve Carter chats about CISA’s KEV list, including his mostly positive feelings, but also hisreasonable gripes.

Frontline Stories: Discussing the Impact of CISA KEV with Nucleus Security
Our Co-Founder and CEO, Stephen Carter, sat down with Kerry Matre, host of The Mandiant Defender’s Advantage Podcast, to discuss how vuln management has evolved over time and how CISA’s Known Exploited Vulnerabilities list helps U.S. civilian agencies and organizations globally.

Top Cybersecurity Startups to Watch in 2022
Nucleus is included as one of the top 60 cybersecurity startups to watch in 2022 based on innovation in new and emerging technologies, length of operation, early funding rounds, scalability, and more.

CISA Adds Apple Zero-Day, Cisco and Gigabyte Bugs to Exploited Vulnerabilities List
Ryan Cribelar, vulnerability research engineer at Nucleus Security, speaks to The Record by Recorded Future about several new vulnerabilities added to the CISA KEV list, including a zero-day vulnerability affecting all iPhone 8 and later models as well as several iPad models.

Top 3 Tips to Identify Quality Vulnerability Intelligence
Dave Farquhar, Solutions Architect at Nucleus, shares the three attributes of quality vulnerability intelligence, along with the key differentiating factors to consider when looking at vulnerability intelligence tools.

Fortinet authentication bypass flaw exploited in the wild; security experts call patching critical
David Farquhar, solutions architect at Nucleus Security, spoke to SC Media about the Fortinet products impacted by the CISA KEV CVE-2022-40684 exploit.

CISA adds Zoho Manage Engine vulnerability to KEV catalog
In this feature, Ryan Cribelar, vulnerability research engineer at Nucleus, explains how the Zoho ManageEngine vulnerability discovered earlier in September was elevated and uploaded to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog.

A Cautionary Tale: Sharing Your Riskiest Insider Threats Is a Culture Killer
The 2022 Cost of Insider Threat Global Report from Ponemon Institute states a clear problem: “Insider threats have increased in both frequency and cost over the past two years.” In this article for CPO Magazine, Nucleus’s Ryan Cribelar speaks about the culture impact that potentially comes from sharing insider threats.

Google Chrome, D-Link bugs among twelve added to CISA’s list of known exploited vulnerabilities
Ryan Cribelar, vulnerability research engineer at Nucleus Security, spoke to The Record about CVE-2022-3075, a wide-reaching vulnerability added to the CISA KEV list in September 2022.

SecurityGuyTV | Scanning Is Only the First Step in Vulnerability Management
Scott Kuffer, Co-Founder and COO of Nucleus Security, joins Chuck Harold at SecurityGuyTV.com live from Black Hat USA 2022 to talk about how scanning is only step one in the vulnerability management process.

Nucleus Security Named in Two 2022 Gartner® Hype Cycle™ Reports
Nucleus Security, a leader in risk-based vulnerability management and process automation, is pleased to be included as a Sample Vendor in two recent Gartner Hype Cycles: Hype Cycle for Security Operations, 2022 and Hype Cycle for Application Security, 2022.

RSAC Insights: Why Vulnerability Management Absolutely Must Shift to a Risk-Assessment Approach
In this episode of The Last Watchdog podcast, listen to Scott Kuffer and Byron Acohido discuss the importance for organizations to take a risk-based assessment lens to vulnerability management.
Media Assets
Please use the links below to download Nucleus Security’s branded assets, including brand guidelines, official brand logos, and headshots and bios of our Nucleus Co-Founders, Steve Carter (CEO) and Scott Kuffer (COO). For questions, interviews, or more press assets, please contact marketing@nucleussec.com.