Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2025-40602: SonicWall Releases Fix for SMA1000 Privilege Escalation Zero-Day Under Active Attack

Dec 17, 2025 By Andres Ramos In Arctic Wolf
On December 17, 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602. The vulnerability allows local threat actors to escalate privileges due to insufficient authorization in the SMA1000 AMC and does not affect SSL VPN functionality on SonicWall firewalls.
Read Post

CVE-2025-10573: Stored XSS in Ivanti EPM

Dec 17, 2025 By Indusface In Indusface
A critical stored XSS vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager lets attackers poison the admin dashboard with malicious scripts, leading to session hijacking and device compromise. AppTrana blocks these malicious scan submissions at the edge, preventing stored XSS payloads from ever reaching the EPM dashboard, even before patching.
View Video
indusface

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

Dec 17, 2025 By Bhargavi Pallati In Indusface
The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.
Read Post

How to mitigate CVE-2025-32433

Dec 17, 2025 By Fidelis Security In Fidelis Security
A critical Erlang SSH vulnerability (CVE-2025-32433), also known as Chainbreaker, allows attackers to exploit pre-auth SSH behavior for remote code execution. In this video, we break down exactly what security teams need to do — from immediate mitigation to long-term prevention. What you’ll learn in this video: How to mitigate CVE-2025-32433 by upgrading Erlang OTP (27.3.3 / 26.2.5.11 / 25.3.2.20)
View Video
THE FUTURE OF CYBERSECURITY: HOW AI AND MACHINE LEARNING ARE TRANSFORMING PENETRATION TESTING

The Future Of Cybersecurity: How AI And Machine Learning Are Transforming Penetration Testing

Dec 17, 2025 By SecuritySenses In SecuritySenses
In today's rapidly evolving digital landscape, the protection of sensitive information and critical infrastructure has become more paramount than ever. Traditional cybersecurity measures are increasingly being augmented with advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML). These innovations are now transforming the realm of penetration testing, offering enhanced capabilities for identifying and mitigating vulnerabilities.
Read Post
levelblue

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost

Dec 16, 2025 By LevelBlue In LevelBlue
LevelBlue is redefining what clients and partners can expect from a managed security provider. Through a new partnership with Tenable, a world-class leader in vulnerability management, LevelBlue is introducing unlimited, enterprise-grade vulnerability scanning for all clients and partners using the LevelBlue USM platform — included at no additional cost.
Read Post
coralogix

Mastering OWASP Detection: Enterprise Rules for AWS, Akamai, F5, and Cloudflare

Dec 16, 2025 By Bhim Singh and Vaibhav Tiwari In Coralogix
Application Security, WAF, and OWASP form an interconnected defense strategy for web applications. OWASP (Open Web Application Security Project) provides the framework for identifying critical vulnerabilities through resources like the OWASP Top 10, while WAFs act as the protective layer that detects and blocks attacks targeting these vulnerabilities in real-time.
Read Post

How to detect React2Shell attacks using network-based threat hunting

Dec 16, 2025 By Corelight In Corelight
How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.
View Video
Snyk

Old AI Security vs Evo: Watch Agentic Security Replace Weeks of Manual Work

Dec 16, 2025 By Manoj Nair In Snyk
From intelligent chatbots to autonomous agents, innovation has never moved faster thanks to GenAI. But with the rate of velocity comes a massive new challenge: a class of complex, non-deterministic security risks that traditional cybersecurity methods are simply not equipped to handle. AI-native applications are already running in production. Across industries, teams are deploying copilots, RAG systems, autonomous agents, and AI-powered workflows faster than traditional security processes can keep up.
Read Post
seal security

How Seal Security Helps You Meet FedRAMP Vulnerability Detection and Response Standard

Dec 16, 2025 By Itamar Sher In Seal Security
Earlier this year, FedRAMP RFC-0012 signaled a coming shift in how cloud service providers (CSPs) working with the U.S. federal government are expected to handle vulnerabilities. It outlined plans to move FedRAMP away from simple CVSS-score thresholds and toward continuous, context-aware, exploitability-driven, and automation-first vulnerability management.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.