Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

astra

Critical React2Shell RCE Hits React and Next.js (CVE-2025-55182 / CVE-2025-66478)

Dec 19, 2025 By Sanskriti Jain In Astra
React2Shell is a severe remote, unauthenticated RCE vulnerability recently uncovered in React Server Components (RSC) and the Next.js App Router — tracked as CVE-2025-55182, with CVE-2025-66478 later merged as a duplicate — that allows attackers to execute arbitrary code on servers by exploiting insecure Flight protocol deserialization (CWE-502), earning the flaw a maximum CVSS score of 10.0.
Read Post
wallarm

CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate

Dec 19, 2025 By Wallarm In Wallarm
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a practitioner’s mindset to leadership and incident response.
Read Post
manageengine

Top tips: Secure your devices before you disconnect for the holidays

Dec 18, 2025 By Nandini Malhotra In ManageEngine
Top tips is a weekly column where we highlight what’s trending in the tech world and share ways to stay ahead. This week, as the holiday season rolls in and many of us finally take that much-needed break, let’s talk about something equally important: Stepping away from work safely. The holidays are all about resting–logging off and soaking in all the merry feelings. But to truly switch into that much-needed DND mode, it helps to secure your devices before you head out for the holidays.
Read Post

Is This Endgame? How Takedowns Are Reshaping eCrime

Dec 18, 2025 By CrowdStrike In CrowdStrike
In November 2025, a major public-private sector collaboration took down three significant malware networks. Operation Endgame involved law enforcement agencies from six EU countries, Australia, Canada, the U.K., and the U.S., along with Europol and 30 private sector partners, including CrowdStrike. The dismantled infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials.
View Video

Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity

Dec 18, 2025 By Corelight In Corelight
In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity.
View Video
fidelis security

7 Must-Have Features in Your CNAPP Solution

Dec 18, 2025 By Fidelis Security In Fidelis Security
As organizations increasingly shift workloads, data, and applications to the cloud, the security landscape becomes more complicated. You’re no longer just managing a single environment, you’re managing dozens of services, containers, and APIs that are all interrelated and deployed across multiple clouds.
Read Post
levelblue

SASE in 2026: Why Convergence, Simplicity, and Zero Trust Require a More Technical Foundation

Dec 18, 2025 By Bindu Sundaresan In LevelBlue
In 2026, one theme will become impossible for security and infrastructure leaders to ignore. The architecture that once secured the enterprise no longer aligns with how the enterprise actually works. Users are everywhere. Applications are everywhere. Data is everywhere. Threats are everywhere. What is not everywhere is consistency.
Read Post
Tines

Turn Structured Data into Intelligent Action with Cribl and Tines

Dec 18, 2025 By Tines In Tines
IT and security teams are stuck between two bad options: over-automate on noisy, incomplete data and risk eroding trust, or avoid automation and drown in manual triage. With surging data volumes and increasingly complex stacks, both choices drive alert fatigue, longer MTTD/MTTR, and analyst burnout. Tines and Cribl offer an alternative vision.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.