Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI on the Radar: Securing AI Driven Development

Mar 2, 2026 By Snyk In Snyk
Join Vandana and Rob in this insightful webinar exploring the rapidly evolving landscape of AI security. As we shift from simple query-response models to complex autonomous agents that can plan, execute code, and access sensitive APIs, the traditional security "locks" are no longer sufficient. This session dives deep into the OWASP AI Exchange, a community-driven initiative providing practical guidance and technical controls for securing AI systems.
View Video
Arctic Wolf

CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian

Feb 28, 2026 By Julian Tuin In Arctic Wolf
On February 24, 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement and inadequate path traversal validation in the Confluence attachment download tools which could allow a remote (network-adjacent), unauthenticated threat actor to write files to arbitrary paths, enabling local privilege escalation and remote code execution.
Read Post

React2Shell (CVSS 10.0): Patch React & Next.js NOW | Unauth RCE Explained

Feb 27, 2026 By Sysdig In Sysdig
A maximum-severity vulnerability is hitting React Server Components - and if you're running Next.js, you may be vulnerable by default. React disclosed CVE-2025-55182, nicknamed React2Shell, an unauthenticated remote code execution (CVSS 10.0) affecting React Server Components via the Flight protocol. Next.js tracks downstream exposure as CVE-2025-66478: That means internet-wide scanning is likely. Who’s affected?
View Video
foresiet

CVE-2026-20127: In-Depth Analysis of the Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

Feb 27, 2026 By foresiet In Foresiet
Software-defined networking (SD-WAN) has transformed enterprise infrastructure, enabling dynamic connectivity between sites with centralized management and control. But when the control plane itself becomes vulnerable, network integrity is no longer a given.
Read Post
cycognito

Emerging Threat: Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127)

Feb 26, 2026 By Amit Sheps In CyCognito
CVE-2026-20127 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (vSmart) and Cisco Catalyst SD-WAN Manager (vManage). The flaw stems from improper validation within the control plane and management plane authentication mechanisms, allowing a remote, unauthenticated attacker to submit crafted requests that bypass standard authentication controls. Successful exploitation results in access to the system as a high-privileged internal user account.
Read Post
Arctic Wolf

CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Feb 26, 2026 By Julian Tuin In Arctic Wolf
On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20127. The flaw arises from a broken peering authentication mechanism in the control-plane authentication workflow. This vulnerability potentially allows a remote, unauthenticated threat actor to bypass authentication and obtain administrative privileges on an affected system.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.