Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why One-Time Vulnerability Scans Aren't Enough

Why One-Time Vulnerability Scans Aren't Enough

Jan 15, 2026 By SecuritySenses In SecuritySenses
A single vulnerability scan provides a tempting snapshot of security health. Too many companies rely on such periodic checks for compliance and some semblance of risk assessment. This, however, leads to an extremely dangerous illusion of security. Modern digital environments, as well as threat actors, move at speeds that are much too high for a static, point-in-time evaluation. Treating cybersecurity as an exercise in box-ticking leaves gaps that adversaries can use.
Read Post
jfrog

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

Jan 14, 2026 By Ori Hollander In JFrog
A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution”.
Read Post
Snyk

ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

Jan 14, 2026 By Stephen Thoemmes In Snyk
The recent disclosure of what security researchers are calling "the most severe AI-driven vulnerability uncovered to date" in ServiceNow's platform serves as a stark reminder: securing agentic AI isn't just about new AI-specific controls; it requires getting the fundamentals right first.
Read Post

Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & BlackCat insiders [281]

Jan 14, 2026 By LimaCharlie In LimaCharlie
A newly disclosed vulnerability in the workflow automation platform n8n, tracked as CVE-2026-21858 and rated CVSS 10.0, allows unauthenticated remote attackers to fully compromise exposed instances. Two malicious Chrome extensions impersonating a legitimate product from AITOPIA were found exfiltrating sensitive user data, including full AI chat histories, according to a report from OX Security. The recent U.S. military operation in Venezuela that led to the capture of President Nicolás Maduro may have included cyber operations, but official confirmation of cyber’s role remains ambiguous.
View Video

Exploit Intel & Detected Products - Tanium Comply - Tanium Tech Talks #153

Jan 14, 2026 By Tanium In Tanium
Cut through vulnerability noise! Learn how Tanium Comply’s new Exploit Intel, Endpoint Criticality, and Detected Products help you prioritize and remediate faster. What you’ll learn: Why CVSS alone isn’t enough How EPSS and exploit maturity change the game Dynamic criticality rules for business impact Detected Products for pinpoint remediation Visualize risk with the Exploitability Dashboard.
View Video
seal security

Announcing Our Partnership with Wiz: Seal Hardened Base Images Now Seamlessly Integrated in Wiz

Jan 13, 2026 By Itamar Sher In Seal Security
Security teams can now eliminate container vulnerabilities at the source without developer effort or version upgrades. At Seal Security, we believe vulnerability management should start with secure foundations.That’s why we’re excited to share that Seal’s pre-patched packages to harden base and secure images are now officially integrated in Wiz. This partnership brings together Wiz’s best-in-class cloud visibility with Seal’s remediation-first approach to container security.
Read Post
Arctic Wolf

CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager

Jan 13, 2026 By Julian Tuin In Arctic Wolf
On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon and could allow an unauthenticated, remote threat actor to execute arbitrary code or commands. The vulnerability was discovered internally by Fortinet’s Product Security Team.
Read Post
protecto

Sensitive Data Is the Common Thread Across Most OWASP Top 10 Issues. Here's Why

Jan 13, 2026 By Anwita In Protecto
The OWASP Top 10 is usually presented as a list of technical failures. Broken access control. Injection. Insecure design. Misconfiguration. Each category points to something that went wrong in the application. What it doesn’t say explicitly is what was actually at risk when it went wrong. In most real incidents, the answer is not “the application.” It’s the data inside it. Sensitive data is the reason attackers care about OWASP failures in the first place. Credentials.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.