Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

aikido

Aikido Attack finds multiple 0-days in Hoppscotch

Apr 8, 2026 By Robbe Verwilghen In Aikido
Hoppscotch is an open-source API development ecosystem, similar to Postman, with over 100,000 monthly users. Two weeks ago, we set up a self-hosted instance and ran our AI pentest agents against it. They found two high-severity vulnerabilities and one medium-severity vulnerability, all present in versions up to and including 2026.2.1, and all patched in 2026.3.0: All three were responsibly disclosed and have been resolved. Note: We accidentally grouped the XSS and an Access Control issue into one report.
Read Post
Snyk

Secure What Matters: Scaling Effortless Container Security for the AI Era

Apr 7, 2026 By Pratip Banerji In Snyk
In November, we shared our vision for the Future of Snyk Container, outlining a fundamental shift in how teams secure the modern container lifecycle. We promised a future where security doesn’t just “scan” but scales effortlessly with the speed of the AI-driven, agentic world. Today, we are thrilled to announce that we are moving from vision to reality.
Read Post
nucleus

You Can't Patch Your Supply Chain So Why Treat It Like a Vulnerability Problem?

Apr 7, 2026 By Doug Drew In Nucleus
For years, vulnerability management has followed a familiar pattern: discover assets, scan for CVEs, prioritize by severity, and remediate what you can. That model works, at least within the boundaries of systems you own. The problem is that most organizations no longer operate within those boundaries. Federal agencies especially depend on a complex ecosystem of SaaS platforms, software vendors, contractors, and open-source components.
Read Post
Arctic Wolf

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

Apr 6, 2026 By Andres Ramos In Arctic Wolf
On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability was responsibly disclosed by Defused, which had observed exploitation prior to Fortinet’s official disclosure.
Read Post

How Forward Helps You Respond to CISA Emergency Directive 26-03

Apr 6, 2026 By Forward Networks In Forward Networks
CISA issued Emergency Directive 26-03 in response to active exploitation of vulnerabilities in Cisco SD-WAN management systems, specifically Cisco Catalyst SD-WAN Manager and SD-WAN Controller platforms. The vulnerabilities include an authentication bypass flaw (CVE-2026-20127) that allows unauthenticated remote attackers to gain administrative privileges and manipulate network configuration, and a path traversal vulnerability (CVE-2022-20775) that enables local privilege escalation to root.
Read Post
How Minimal Container Images Are Reshaping the Fight Against CVE Exposure in Modern Cloud Environments

How Minimal Container Images Are Reshaping the Fight Against CVE Exposure in Modern Cloud Environments

Apr 6, 2026 By SecuritySenses In SecuritySenses
As the adoption of containers grows across Cloud infrastructure, Cybersecurity experts and DevSecOps leaders continue to deal with the persistent surge of publicly available software vulnerabilities. The National Vulnerability Database documented an alarming figure of 29,000 CVEs for 2023, and the numbers since then show no signs of slowing down. Research shows that the majority of production container images have known vulnerabilities. This article explores the relationship between container images and CVE vulnerabilities (exposure), the growing burden of compliance, and the target risk reduction of minimal-image strategies.
Read Post
cycognito

Emerging Threat: (CVE-2026-27876) Grafana Remote Code Execution via SQL Expressions

Apr 5, 2026 By Igal Zeifman In CyCognito
CVE-2026-27876 is an arbitrary file write vulnerability in Grafana's sqlExpressions feature that can be chained with a Grafana Enterprise plugin to achieve remote code execution (RCE) on the underlying host. The flaw exists because Grafana's SQL expressions feature permits writing arbitrary files to the server filesystem. An attacker can exploit this to overwrite a Sqlyze driver or write an AWS data source configuration file, ultimately obtaining an SSH connection to the Grafana host.
Read Post
cycognito

Emerging Threat: (CVE-2026-20093) Cisco IMC Authentication Bypass

Apr 5, 2026 By Igal Zeifman In CyCognito
CVE-2026-20093 is an authentication bypass vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC), caused by improper input validation (CWE-20) in how the IMC XML API processes password modification requests. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical). Exploitation is fully pre-authentication and requires no privileges and no user interaction.
Read Post
Snyk

You Patched LiteLLM, But Do You Know Your AI Blast Radius?

Apr 2, 2026 By Rudy Lai In Snyk
For a brief window, a widely used open source package in the AI ecosystem was compromised with credential-stealing malware. LiteLLM, a model gateway used to route requests to more than 100 LLM providers, has been downloaded millions of times per day. In that short window, the malicious versions were likely pulled tens of thousands of times before being caught.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.