How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Critical vulnerabilities in React Server Components (CVE-2025-55182) and Next.js (CVE-2025-66478) enable unauthenticated remote code execution in default configurations. The flaw resides in the "Flight" protocol used for server-side rendering, making it a sought-after target for adversaries looking to bypass standard controls. While the public discourse is currently cluttered with unreliable exploits, we need to ground our defense in verifiable network evidence.

Ep 6. Storm-2603 & Warlock: Where Ransomware-as-a-Service Gets Real

A new breed of ransomware is here — and it’s more dangerous than ever. In this episode of the Cyber Resilience Podcast, we unpack the chilling rise of Warlock ransomware, a campaign tied to Chinese threat actor Storm-2603. Discover how this group is combining nation-state tactics with ransomware-as-a-service operations, blurring the line between espionage and profit—and what it means for critical infrastructure defense.

Why Acronis validation for Ignition is critical for OT resilience

Technology failures are inevitable in operational technology (OT) environments. While prevention is essential, the ability to recover quickly is what ultimately protects operations. When OT systems fail, production stops and the costs of reduced production, missed deliveries and possible regulatory problems immediately begin to accumulate. Manufacturers, utilities and industrial operators need to be able to get systems up and running again as rapidly as possible after an incident.

Ep 5. Interlock Ransomware: Don't Accept Code from Strangers

In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin and Adrian Culley dive deep into Interlock—one of today’s most aggressive ransomware operations. What you’ll learn: From hospitals to schools, no one’s immune—hear how Interlock is rewriting the ransomware playbook and what your team can do to stay resilient.

Head of Public Policy Mike Centrella talks CISA Shutdown Updates - Nov. 13, 2025

News alert: With the government shutdown coming to an end, the continuing resolution includes the extension of CISA 2015 (Cybersecurity Information Sharing Act). However, sustained information sharing isn't optional; it's crucial for national resilience and security. A reinstitution of CISA 2015 for the coming weeks is just the beginning. "Timely, trusted threat intelligence sharing is foundational to both national security and private sector resilience."

Automating SLAs in Risk-Based Vulnerability Management: Turning Deadlines into Results

Many organizations set remediation SLAs, but static severity-based timelines and manual tracking prevent them from meeting those deadlines in a way that meaningfully reduces risk. This article outlines how automated, risk-based SLAs connect timelines to real exploitability, exposure, and asset value, turning deadlines into reliable, measurable outcomes. Key takeaways from this article.

Ep 2. FBI Advisory, Iranian Threats & Resilience

The FBI, NSA, and CISA just issued a warning about Iranian state-backed actors, including the notorious Cyber Avengers, targeting US networks—especially OT, IoT, water, and aviation systems. These groups aren’t hacktivists—they’re highly skilled, sanctioned members of the IRGC. Key takeaways: Stay proactive: run simulations, remediate vulnerabilities, and lock the stable door before the horse bolts.

Ep 4. ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained

In this special episode, host Tova Dvorin sits down with SafeBreach experts Adrian Culley and Tomer Bar to unpack CVE-2025-53770 — a zero-day deserialization flaw in Microsoft SharePoint Server that enables unauthenticated remote code execution and long-term persistence. This isn’t theoretical. It’s actively exploited and tied to the evolving ToolShell attack chain. Here’s what you’ll hear in this episode.

Automating Access Governance in Jira Service Management: A Complete Guide

As organizations grow, so does the complexity of managing who has access to which apps and systems. For Atlassian teams, Jira and Jira Service Management (JSM) often serve as the central hub for operational workflows, yet access governance is still handled through scattered emails, manual approvals, or outdated processes. Access governance, simply put, is the system of ensuring that the right individuals receive the correct level of access at the right time.

Another Acronis award in 2025: Info-Tech SoftwareReviews Emotional Footprint Award for EDR

Acronis once again received recognition from Info-Tech SoftwareReviews, this time in the form of an Emotional Footprint Award for extended detection and response (EDR). The latest accolade highlights Acronis’ growing leadership in cybersecurity and its dedication to delivering solutions that managed service providers (MSPs) love.