Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

outpost 24

How to protect your site from subdomain takeover

Jan 2, 2025 By Marcus White In Outpost 24
Subdomain takeover is a serious risk for organizations with a large online presence (which is a lot of businesses in 2025!). A domain name is the starting point of your company’s online identity, encompassing the main and subsidiary websites—serving as the organization’s business card, storefront, and a central hub for commercial activities. For SaaS providers and tech solution vendors, domains also form a critical component of their product offerings.
Read Post
safebreach

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113

Jan 1, 2025 By Or Yair In SafeBreach
SafeBreach Labs Researchers have developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows Lightweight Directory Access Protocol (LDAP) remote code execution vulnerability. Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks. Vulnerabilities found in DCs are usually much more critical than those found in usual workstations.
Read Post
Snyk

New year, new security goals: Improve your AppSec in 2025

Jan 1, 2025 By Mariah Gresham In Snyk
As the clock ticks closer to 2025, we’re all trying to brainstorm goals and resolutions for the new year. But unlike the annual pledge to exercise more and eat fewer sweets around the holidays (whoops), application security is one area where nobody can afford to slip up. Let’s skip the procrastination phase and hit the ground running with some practical New Year’s resolutions that will help you step up your AppSec game.
Read Post
cycognito

Emerging Threat: Palo Alto PAN-OS CVE-2024-3393

Dec 31, 2024 By Emma Zaballos In CyCognito
CVE-2024-3393 is a high severity (CVSS v4.0 score 8.7) Denial of Service (DoS) vulnerability affecting specific versions of Palo Alto Networks PAN-OS DNS Security feature. This vulnerability allows unauthenticated attackers to send malicious packets through the data plane of the firewall. This forces the firewall to reboot. Repeated attempts can force the firewall into maintenance mode, requiring security teams to manually reset the firewall and significantly disrupting operations.
Read Post
squarex

SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

Dec 30, 2024 By SquareX
SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store.
Read Post

A Simple Guide to Building a Discord Bot! (Part 3)

Dec 30, 2024 By Snyk In Snyk
This is the third video of our series 'How to Build a Discord Bot'. In this video, we will be focussing on data storage and setting up a database to store our Wordle results in. Stay tuned for the next video where we will be deploying the bot, which will be able to run 24/7! Each video will be published one week from the previous.
View Video
centripetal

Security Bulletin: Critical Remote Code Execution Vulnerability in Apache Struts [CVE-2024-53677]

Dec 30, 2024 By Lauren Farrell In Centripetal
A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and government platforms.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.