Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cycognito

Emerging Threat: Apache Tomcat Vulnerability CVE-2025-55752

Nov 3, 2025 By Amit Sheps In CyCognito
CVE-2025-55752 is a path traversal vulnerability in Apache Tomcat. It comes from a regression introduced during a past bug fix. Because of this flaw, Tomcat normalizes URLs before decoding them, which lets attackers craft requests that bypass access controls and reach restricted directories like /WEB-INF/ and /META-INF/. In deployments where HTTP PUT is enabled, an attacker could upload files through this path and potentially gain remote code execution (RCE).
Read Post
detectify

The researcher's desk: CVE-2025-20362

Oct 31, 2025 By Detectify In Detectify
Welcome to The researcher’s desk – a content series where the Detectify security research team will conduct a technical autopsy on vulnerabilities that are particularly interesting, complex, or persistent. The goal here is not to report the latest research (for which you can refer to the Detectify release log); it is to take a closer look at certain vulnerabilities, regardless of their disclosure date, that still offer critical lessons.
Read Post

CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

Oct 31, 2025 By Indusface In Indusface
Microsoft disclosed CVE-2025-59287 , a critical, unauthenticated RCE in Windows Server Update Services (WSUS) that lets attackers execute SYSTEM-level code via unsafe deserialization. In this video we break down how the exploit works, which servers are at risk, and real-world attack activity observed after the PoC went public.
View Video
indusface

CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

Oct 30, 2025 By Aayush Vishnoi In Indusface
In October 2025, Microsoft disclosed a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS), which enables unauthenticated attackers to gain full control over affected servers. WSUS is a central patch management tool in Windows environments, responsible for approving, distributing, and monitoring updates across corporate networks.
Read Post
seemplicity

Introducing Seemplicity's AI Agents for Exposure Management: A New Era of Action

Oct 30, 2025 By Megan Horner In Seemplicity
Security teams don’t struggle to find exposures – they struggle to fix them. The new Seemplicity AI Agents change that. Integrated into the Exposure Action Platform, they combine intelligence and automation to help teams move faster, stay aligned, and reduce risk. From clear findings and ownership mapping to guided fixes and executive insights, Seemplicity’s AI Agents make exposure management truly action-driven.
Read Post
Arctic Wolf

UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities

Oct 30, 2025 By Arctic Wolf Labs In Arctic Wolf
Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community)
Read Post
nucleus

Understanding CVSS 4.0 and the Future of Vulnerability Scoring

Oct 30, 2025 By Corey Tomlinson In Nucleus
The Common Vulnerability Scoring System (CVSS) has been the industry’s go-to framework for assessing vulnerability severity for nearly two decades. It provides a standardized way to measure and communicate the technical impact of a vulnerability. As threat landscapes evolve and organizations mature in their vulnerability management practices, questions about its relevance and limitations persist. That even led to our co-founder, Scott Kuffer, writing a defense of the algorithm earlier this year.
Read Post

CVSS 4.0 and its Evolving Role in Vulnerability Management

Oct 30, 2025 By Nucleus Security In Nucleus
Adam Dudley, Nucleus VP of Strategy and Alliances, provides some background on the Common Vulnerability Scoring System (CVSS) version 4.0 in this Nucleus conversation. He discusses the improvements made in the new version, the evolving role of CVSS in vulnerability management, the limitations practitioners face, and the future of scoring systems in the context of emerging technologies like AI. The conversation emphasizes the importance of context and quality inputs in effectively utilizing CVSS for risk assessment.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.