Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

tanium

CVE202547813: Wing FTP Server vulnerability flagged by CISA

Mar 19, 2026 By Tanium In Tanium
CVE-2025-47813 is an information disclosure vulnerability in Wing FTP Server that reveals the application's full installation path when attackers send an oversized UID cookie value. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog in March 2026, indicating active exploitation in the wild.
Read Post
Arctic Wolf

CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance

Mar 19, 2026 By Andres Ramos In Arctic Wolf
Starting the week of March 9, 2026, Arctic Wolf observed malicious activity in customer environments potentially linked to the exploitation of CVE-2025-32975 on unpatched Quest KACE Systems Management Appliance (SMA) instances that were publicly exposed to the internet. This vulnerability was patched in May 2025. Quest KACE SMA is an on-premises appliance for centralized endpoint management, providing inventory, software deployment, patching, and endpoint monitoring capabilities.
Read Post
Snyk

AI Is Building Your Attack Surface. Are You Testing It?

Mar 19, 2026 By Manoj Nair In Snyk
The market is flooded with claims. One vendor tops a leaderboard. Another raises nine figures on a pitch deck. Meanwhile, your developers shipped three AI-generated services before lunch. Here's the conversation the industry isn't having, and the one we've been building toward for years. There's a version of this conversation happening inside every Security team right now. Someone demos an AI coding assistant. The speed is undeniable and the team is in awe. Still cautious, sometimes skeptical.
Read Post
nucleus

Why More AI Doesn't Guarantee Better Vulnerability Management Outcomes

Mar 19, 2026 By Will Gorman In Nucleus
AI is everywhere in vulnerability management right now. Technology vendors in all areas are adding new features and making bold claims about revolutionary capabilities. But here's the reality, especially for vulnerability and exposure management: more AI doesn't automatically mean less risk. The gap between AI's promise and its practical impact in enterprise vulnerability management is wider than most organizations realize.
Read Post
cycognito

Emerging Threat: GNU Inetutils telnetd LINEMODE SLC Buffer Overflow (CVE-2026-32746)

Mar 19, 2026 By Igal Zeifman In CyCognito
CVE-2026-32746 is a critical out-of-bounds write in GNU Inetutils telnetd caused by insufficient bounds checking in the LINEMODE SLC (Set Local Characters) suboption handler. Public advisories attribute the issue to the add_slc logic not verifying whether the destination buffer is already full before writing additional data. The published CVSS v3.1 score is 9.8, with network attack vector, no required privileges, and no user interaction.
Read Post
seemplicity

The Unsung AI Hero: Data Normalization

Mar 18, 2026 By Megan Horner In Seemplicity
AI agents are only as effective as the data they consume. In this post, we explore the unsung hero of the security stack: data normalization. This process serves as the deterministic guardrail that makes AI grounding possible. Without a structured data foundation, grounding is only as good as the often chaotic data being retrieved, leading to confident but incorrect AI responses.
Read Post
Snyk

Securing the Agent Skills Registry: How Snyk and Tessl Are Setting the Standard

Mar 17, 2026 By Stephen Thoemmes In Snyk
Agent skills are becoming the building blocks of AI-native software development, giving coding agents structured, versioned context, like how to use your APIs, how to build in your codebase, and how to enforce your team's policies. Developers install them from registries the same way they install npm packages or Python libraries. But unlike npm or PyPI, the agent skills ecosystem is new.
Read Post
Snyk

I Read Cursor's Security Agent Prompts, So You Don't Have To

Mar 17, 2026 By Randall Degges In Snyk
Cursor's security team built four autonomous agents that review 3,000+ PRs per week, catch 200+ vulnerabilities, and open fix PRs automatically. The engineering is impressive, and the prompts are shockingly simple. But there's a meaningful gap between "LLM agents reviewing PRs" and "enterprise security program," and that gap is exactly where things get interesting.
Read Post
outpost 24

Why Evolving Cyber Threats Rely on Old Vulnerabilities

Mar 16, 2026 By Daniel Imber In Outpost 24
Credential abuse, exploitation of vulnerabilities, or phishing were the initial access vectors in 61% of breaches in 2025, according to Verizon’s 2025 Data Breach Investigation Report. While new threats present fresh challenges to security teams, reports like this highlight that cybercriminals still favor well-established attack methods and exploit familiar weaknesses.
Read Post

Lovable vs. Bolt - Vibe Code Challenge

Mar 16, 2026 By Snyk In Snyk
Which AI tool is better for building a real app without writing code, Bolt or Lovable? In this video, I put both AI app builders head-to-head using the exact same prompt to create a DIY home repair forum. From database setup to authentication, UI design, publishing, and security checks, we compare how each platform performs in real time. The goal isn’t just to generate something that looks like an app, it’s to see whether these tools can actually create something usable, functional, and potentially production-ready. We evaluate.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.