ionix

Exploited! Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability (CVE-2025-32433)

Apr 23, 2025 By Amit Sheps In IONIX
Erlang/OTP ships with an SSH daemon that many telecom, IoT, Elixir/Phoenix, RabbitMQ and CouchDB deployments leave running for convenience. A flaw in how that daemon parses pre-authentication SSH protocol messages enables an attacker to break out of the key-exchange state machine and open an arbitrary channel before credentials are verified.
Read Post
Trustwave

Trustwave MDR Named SC Media Awards Finalist for Best Managed Security Service

Apr 23, 2025 By Trustwave In Trustwave
SC Media and SC Media Europe have each named Trustwave's Managed Detection and Response (MDR) solution as a finalist for the publication's Best Managed Security Service awards. The 2025 SC Awards were judged across 33 specialty categories by a distinguished panel of cybersecurity professionals, industry leaders, and CyberRisk Alliance CISO community members.
Read Post
1Password

How IT and security teams can manage BYOD

Apr 23, 2025 By Rachel Sudbeck In 1Password
In the modern, hybrid workplace, employees have more control than ever over the devices they use for their jobs. In fact, 56% of employees say that they have worked on a personal “bring-your-own” device (BYOD) in the last year. This is despite the fact that 89% of security pros say that their company doesn’t allow BYOD. Clearly, there’s a disconnect between security policies and worker behaviors.
Read Post
cato networks

Patching is Risky Business: By the Gartner Numbers

Apr 23, 2025 By Sangita Patel In Cato Networks
When I read Eyal’s blog, Why FWaaS is the Only Way Out of Endless Appliance Patching, I imagined a time in the immediate now (oxymoron intended); a time where the word “patching” is as quaint as rotary phones. In my mind, I was Marty McFly, jumping out of the DeLorean, shocked to discover that in the year 2025, we’re still patching appliance boxes. But here’s the kicker: everything has changed. Except the way we think about patching.
Read Post

Automated Baseline Enforcement with Falcon for IT

Apr 23, 2025 By CrowdStrike In CrowdStrike
CrowdStrike Falcon for IT automates baseline enforcement and remediation to eliminate the security gaps adversaries exploit. As devices drift from their original secure state—through unauthorized software, missing updates, or policy deviations—Falcon for IT uses real-time telemetry and Dynamic Targeting to surface misconfigurations and highlight non-compliant endpoints. With tools like Charlotte AI, osquery, and native scripting, teams gain instant visibility into deviations, apply targeted remediation at scale, and enforce standards without disrupting end users.
View Video
cyberark

The Cybersecurity Investment Most Organizations Are Failing to Secure

Apr 23, 2025 By Clarence Hinton In CyberArk
Welcome to the 2025 Identity Security Landscape rollout—and to the “it’s complicated” phase of our relationship with AI. Each year, CyberArk surveys security leaders across the globe to understand their top identity security concerns. This year, AI delivered the trifecta: attack weapon, defense tool and risk multiplier.
Read Post
centripetal

Security Bulletin: ClickFix and the New Era of Social Engineering

Apr 23, 2025 By Lauren Farrell In Centripetal
ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software updates, or fraudulent security prompts.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.