
Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747)

Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging Sync Server’s authentication, potentially gaining administrative control over the CMS.

Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control Technology

Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal. The funding will support go-to-market, new staff, customer onboarding and product development. The company has appointed Adam Pointon as Chief Executive Officer. "The opportunity here is limitless," Pointon said. "You'd be hard pressed to find an organisation that couldn't benefit in some way from using Knocknoc."

Spotlight on Technology: Mastering Attack Surface Management with Censys

In our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks. We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams.

Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)

Apache Tomcat recently disclosed a critical security vulnerability, CVE-2025-24813, affecting several versions of its widely used servlet container. This vulnerability arises from improper handling of path equivalence checks involving filenames with internal dots (file…txt). Exploitation could result in unauthorized information disclosure, file manipulation, and even remote code execution (RCE).

How Sedara ASM Transforms Cybersecurity for Your Business

Cybersecurity has advanced beyond the reliance on firewalls and antivirus software. As cyber threats become more sophisticated and unpredictable, traditional security tools alone are no longer enough. Modern attacks exploit unknown, unmanaged, and overlooked assets, making Attack Surface Management (ASM) essential for a proactive and comprehensive defense.

What is Attack Surface Management?

With the rise of hybrid work and software-as-a-service (SaaS) applications for core business functions, as well as the near ubiquity of the cloud, organizations’ attack surfaces are no longer easily defined. In many cases, they are rapidly expanding. This presents both new opportunities for threat actors and new challenges for security teams, giving rise to a new tactic for security posture improvement — attack surface management.

Prioritizing Critical Third-Party Assets to Protect Your Extended Attack Surface

The enterprise attack surface now extends well beyond the network firewall. As a result, Third Party Risk Management Teams are increasingly becoming an extension of Security Operations Centers, responding in times of crisis to questions of who, what, and more urgently, how and when. The line between ‘their exposure’ and ‘our risk’ is almost non-existent. But bridging the gap between data and platforms can be challenging.

Can Autonomous LLM Agents Exploit One Day Vulnerabilities?

When generative AI first emerged, the cybersecurity community primarily focused on two promising benefits. However, a concerning “third angle” has now been demonstrated: AI as an attacker – powerful AI systems in the hands of malicious actors, autonomously exploiting vulnerabilities with minimal human guidance.

Dynamic IPs Are Breaking Security - Here's How to Fix It

Organizations rely on stable systems to run their operations. Unfortunately, the IP addresses representing these systems can change frequently. This is especially challenging for cybersecurity, where identifying and tracking assets by IP address is crucial. Dynamic IP management is the practice of identifying, tracking, and contextualizing systems that use dynamic IPs to ensure accurate visibility, reduce noise, and maintain a continuous security posture.