Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ep 4. ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained

Dec 5, 2025 By SafeBreach In SafeBreach
In this special episode, host Tova Dvorin sits down with SafeBreach experts Adrian Culley and Tomer Bar to unpack CVE-2025-53770 — a zero-day deserialization flaw in Microsoft SharePoint Server that enables unauthenticated remote code execution and long-term persistence. This isn’t theoretical. It’s actively exploited and tied to the evolving ToolShell attack chain. Here’s what you’ll hear in this episode.
View Video

Ep 2. FBI Advisory, Iranian Threats & Resilience

Dec 5, 2025 By SafeBreach In SafeBreach
The FBI, NSA, and CISA just issued a warning about Iranian state-backed actors, including the notorious Cyber Avengers, targeting US networks—especially OT, IoT, water, and aviation systems. These groups aren’t hacktivists—they’re highly skilled, sanctioned members of the IRGC. Key takeaways: Stay proactive: run simulations, remediate vulnerabilities, and lock the stable door before the horse bolts.
View Video

Ep 5. Interlock Ransomware: Don't Accept Code from Strangers

Dec 5, 2025 By SafeBreach In SafeBreach
In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin and Adrian Culley dive deep into Interlock—one of today’s most aggressive ransomware operations. What you’ll learn: From hospitals to schools, no one’s immune—hear how Interlock is rewriting the ransomware playbook and what your team can do to stay resilient.
View Video

Ep 6. Storm-2603 & Warlock: Where Ransomware-as-a-Service Gets Real

Dec 5, 2025 By SafeBreach In SafeBreach
A new breed of ransomware is here — and it’s more dangerous than ever. In this episode of the Cyber Resilience Podcast, we unpack the chilling rise of Warlock ransomware, a campaign tied to Chinese threat actor Storm-2603. Discover how this group is combining nation-state tactics with ransomware-as-a-service operations, blurring the line between espionage and profit—and what it means for critical infrastructure defense.
View Video
nucleus

Automating SLAs in Risk-Based Vulnerability Management: Turning Deadlines into Results

Dec 5, 2025 By Aaron Attarzadeh In Nucleus
Many organizations set remediation SLAs, but static severity-based timelines and manual tracking prevent them from meeting those deadlines in a way that meaningfully reduces risk. This article outlines how automated, risk-based SLAs connect timelines to real exploitability, exposure, and asset value, turning deadlines into reliable, measurable outcomes. Key takeaways from this article.
Read Post
acronis

Why Acronis validation for Ignition is critical for OT resilience

Dec 5, 2025 By Lee Pender In Acronis
Technology failures are inevitable in operational technology (OT) environments. While prevention is essential, the ability to recover quickly is what ultimately protects operations. When OT systems fail, production stops and the costs of reduced production, missed deliveries and possible regulatory problems immediately begin to accumulate. Manufacturers, utilities and industrial operators need to be able to get systems up and running again as rapidly as possible after an incident.
Read Post
acronis

Dharma (CrySiS) Ransomware: Technical Analysis, Context and Mitigation

Dec 5, 2025 By Acronis In Acronis
Dharma, also known as CrySiS, is a long running ransomware family first observed in 2016. It operates as ransomware as a service, where developers lease the malware to affiliates who deploy it. A variant discovered in March 2021 appends the ".biden" extension to encrypted files. This article provides a technical analysis of Dharma, outlines its infection vector, describes its encryption workflow, and offers guidance for mitigation.
Read Post
WatchGuard

WatchGuard ThreatSync+ NDR Named Product of the Year by CRN 2025

Dec 5, 2025 By The Editor In WatchGuard
We’re thrilled to announce that WatchGuard ThreatSync+ NDR has been named Winner Overall – Security: Network in CRN’s 2025 Products of the Year. This honor highlights not only the strength of the solution itself, but also how it aligns with, and accelerates, the major innovations shaping network security this year.
Read Post
astra

API Security vs Application Security: What's the Difference & Best Practices 2026

Dec 5, 2025 By Suyash Jain In Astra
Over the past few years, APIs have quietly become the front door to your most critical data and workflows, flipping security ownership on its head. Accountability and ownership of both API and Application security have shifted from your central infra and network teams to product, platform, and engineering squads that ship new APIs every week, and well, sometimes every day. This is where CISOs and CTOs feel the tug strengthening from both sides.
Read Post
detectify

Security Update: Critical RCE in React Server Components & Next.js (CVE-2025-55182)

Dec 5, 2025 By Detectify In Detectify
A Critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-55182, has been discovered in Next.js applications utilizing React Server Components (RSC) and Server Actions. This vulnerability stems from insecure deserialization within the underlying “Flight” protocol used by React. Unauthenticated remote attackers can exploit this flaw to execute arbitrary code on the server, potentially leading to a complete compromise of the application and underlying system.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.