Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Jan 23, 2025 By Julian Tuin In Arctic Wolf
On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.
Read Post
Snyk

Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Jan 23, 2025 By Ben Desjardins In Snyk
It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.
Read Post
Featured Post
ThreatQuotient

Taking a Threat Adapted Approach to Vulnerability Management

Jan 22, 2025 By Chris Jacob, VP and Will Baxter, Security Engineer In ThreatQuotient
As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13th of December 2024) which aimed to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that explored how integrating Threat Intelligence into Vulnerability Management can transform the way organisations prioritise and respond to risks.
Read Post
nucleus

Stop Demonizing CVSS: Fix the Real Problem

Jan 22, 2025 By Scott Kuffer In Nucleus
If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.
Read Post
Snyk

Understanding the EU's Cyber Resilience Act (CRA)

Jan 22, 2025 By Ben Desjardins In Snyk
The Cyber Resilience Act (CRA) introduces a much-needed framework for standardizing the cybersecurity practices of companies operating in the European Union (EU). The regulation sets clear expectations for hardware and software manufacturers, developers, and distributors, outlining how they should manage and address vulnerabilities at every stage of the product lifecycle.
Read Post
Pentest People

How Vulnerability Assessments Help Identify and Address Security Weaknesses

Jan 21, 2025 By Kate Watson In Pentest People
A vulnerability assessment systematically evaluates the security of an organisation’s IT infrastructure, aiming to uncover potential flaws. This process not only identifies weaknesses but also provides a roadmap for addressing these vulnerabilities before they are exploited by malicious actors. Through a series of structured steps, including identification, classification, analysis, and remediation, organisations can significantly enhance their cyber security posture.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.