Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

Jan 14, 2026 By Stephen Thoemmes In Snyk
The recent disclosure of what security researchers are calling "the most severe AI-driven vulnerability uncovered to date" in ServiceNow's platform serves as a stark reminder: securing agentic AI isn't just about new AI-specific controls; it requires getting the fundamentals right first.
Read Post

Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & BlackCat insiders [281]

Jan 14, 2026 By LimaCharlie In LimaCharlie
A newly disclosed vulnerability in the workflow automation platform n8n, tracked as CVE-2026-21858 and rated CVSS 10.0, allows unauthenticated remote attackers to fully compromise exposed instances. Two malicious Chrome extensions impersonating a legitimate product from AITOPIA were found exfiltrating sensitive user data, including full AI chat histories, according to a report from OX Security. The recent U.S. military operation in Venezuela that led to the capture of President Nicolás Maduro may have included cyber operations, but official confirmation of cyber’s role remains ambiguous.
View Video
seal security

Announcing Our Partnership with Wiz: Seal Hardened Base Images Now Seamlessly Integrated in Wiz

Jan 13, 2026 By Itamar Sher In Seal Security
Security teams can now eliminate container vulnerabilities at the source without developer effort or version upgrades. At Seal Security, we believe vulnerability management should start with secure foundations.That’s why we’re excited to share that Seal’s pre-patched packages to harden base and secure images are now officially integrated in Wiz. This partnership brings together Wiz’s best-in-class cloud visibility with Seal’s remediation-first approach to container security.
Read Post
Arctic Wolf

CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager

Jan 13, 2026 By Julian Tuin In Arctic Wolf
On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon and could allow an unauthenticated, remote threat actor to execute arbitrary code or commands. The vulnerability was discovered internally by Fortinet’s Product Security Team.
Read Post
protecto

Sensitive Data Is the Common Thread Across Most OWASP Top 10 Issues. Here's Why

Jan 13, 2026 By Anwita In Protecto
The OWASP Top 10 is usually presented as a list of technical failures. Broken access control. Injection. Insecure design. Misconfiguration. Each category points to something that went wrong in the application. What it doesn’t say explicitly is what was actually at risk when it went wrong. In most real incidents, the answer is not “the application.” It’s the data inside it. Sensitive data is the reason attackers care about OWASP failures in the first place. Credentials.
Read Post
Arctic Wolf

CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability

Jan 12, 2026 By Julian Tuin In Arctic Wolf
On January 7, 2026, Trend Micro released a critical patch for Apex Central on-premises versions below Build 7190, addressing multiple vulnerabilities. The most severe of the vulnerabilities disclosed is CVE-2025-69258, a critical severity vulnerability, which allows unauthenticated threat actors to load malicious DLLs and execute arbitrary code as SYSTEM without user interaction. The advisory also includes two medium-severity denial-of-service vulnerabilities, CVE-2025-69259 and CVE-2025-69260.
Read Post

A New Era for AI Coding? GPT 5.2 vs. Security Vulnerabilities

Jan 12, 2026 By Snyk In Snyk
Can OpenAI’s GPT 5.2 actually build a production-ready, secure application from a single prompt? In this video, we put the latest model to the test by asking it to build a full-stack Node.js note-taking app. We evaluate its dependency choices, dive into a surprising fix for a long-standing CSRF vulnerability, and run a full security audit using Snyk. Is this the new gold standard for AI coding models?
View Video
sentrium

Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428)

Jan 12, 2026 By Theklis Stefani In Sentrium
In January 2026, a critical security vulnerability was disclosed in jsPDF, a popular JavaScript library used to generate PDF documents. The issue, tracked as CVE-2025-68428, affects server-side Node.js deployments of jsPDF prior to version 4.0.0 and has been assigned a CVSS score of 9.2. The vulnerability is a path traversal issue that can be abused to read arbitrary files from the local filesystem.
Read Post
Arctic Wolf

CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n "Ni8mare"

Jan 9, 2026 By Andres Ramos In Arctic Wolf
On January 7, 2026, fixes were released for a maximum severity vulnerability (CVE-2026-21858) impacting n8n, a workflow automation application primarily used with artificial intelligence. Labeled “Ni8mare” by the researchers who discovered it, the vulnerability allows unauthenticated remote threat actors to take over locally deployed instances via publicly accessible webhook and form endpoints.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.