Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

Mar 31, 2025 By Deepak Kumar Choudhary In Indusface
On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.
Read Post
seemplicity

Why Vulnerability Management Is AI's Biggest Untapped Opportunity

Mar 31, 2025 By Kevin Swan In Seemplicity
The security industry has reached a turning point with AI. It’s no longer just hype, as AI has now become a critical part of day-to-day cybersecurity operations. According to The Rise of AI-Powered Vulnerability Management, the latest report from Seemplicity and Dark Reading, 86% of security teams now use some form of AI in their security stack. More than half of respondents say AI is already crucial to their work.
Read Post
wallarm

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Mar 31, 2025 By Wallarm In Wallarm
Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. It will also discuss potential approaches for improving API security posture.
Read Post

Securing AI: How Mend.io & OWASP Are Making AI Safer for Enterprises #securitymanagement #shorts

Mar 29, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
squarex

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Mar 28, 2025 By SquareX
From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.
Read Post
CrowdStrike

Kubernetes IngressNightmare Vulnerabilities: What You Need to Know

Mar 28, 2025 By CrowdStrike Engineering In CrowdStrike
We would like to recognize Amit Serper, Travis Lowe, Tony Gore, Adrian Godoy, Mihai Vasilescu, Suraj Sahu, Pablo Ramos, Raj Jammalamadaka, Lacie Griffin, and Josh Grunzweig for their contributions in authoring this publication. CrowdStrike is committed to protecting our customers from the latest disclosed vulnerabilities. We are actively monitoring activity surrounding “IngressNightmare,” the name given to recently identified vulnerabilities in the Kubernetes (K8s) ingress-nginx controller.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.