Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

nucleus

Nucleus Momentum Validated Across Three Industry Analyst Reports

Sep 11, 2025 By Tamir Hardof In Nucleus
It’s one thing for us to say Nucleus is changing how enterprises address vulnerability and exposure management. It’s another when three different analyst firms all say it, and at the same time. In recent weeks, Forrester, IDC, and GigaOm each published their latest market evaluations, recognizing Nucleus in all three. That’s rare validation in a market where many vendors don’t even make the cut for inclusion.
Read Post
CalCom

New SMB Vulnerability opens door to privilege escalation

Sep 11, 2025 By Roy Ludmir In CalCom
On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack, allowing them to gain the privileges of a legitimate user without elevated permissions or insider access.
Read Post
Arctic Wolf

CVE202554236: Critical Adobe Commerce and Magento Open Source Flaw Allows Customer Account Takeover and RCE

Sep 10, 2025 By Andres Ramos In Arctic Wolf
On September 9, 2025, Adobe released an out-of-band security update to address a critical vulnerability in Adobe Commerce and Magento Open Source. The vulnerability, tracked as CVE-2025-54236 and referred to in open-source reporting as “SessionReaper,” allows a remote unauthenticated threat actor to take over customer accounts through the Commerce REST API.
Read Post
detectify

Product comparison: Detectify vs. Intruder

Sep 10, 2025 By Detectify In Detectify
Intruder is a cloud-based vulnerability scanner that provides an automated overview of an organization’s attack surface. Its primary function is to proactively identify weaknesses across internet-facing infrastructure and applications before they are exploited. The platform’s scanning engine runs a set of checks for both infrastructure-level misconfigurations and application-layer vulnerabilities, like those in the OWASP Top 10. It leverages open-source engines like ZAP to execute its checks.
Read Post

When Secure Isn't Safe Uncovering OWASP Top 10 Business Logic Abuse

Sep 10, 2025 By Wallarm In Wallarm
The OWASP Top 10 for Business Logic Abuse reveals the most critical ways attackers exploit the design of your applications, not just their code. Business logic abuse isn’t about SQL injection or XSS, it's about bypassing the rules, manipulating workflows, and triggering unintended behaviors in ways your functional tests never anticipated. Why this Matters? Attackers are shifting from exploiting code flaws to abusing the intended functionality of your applications.These logic-level threats are particularly dangerous because they.
View Video
Featured Post
Machines, the Silent Threat Lurking Inside the Enterprise

Machines, the Silent Threat Lurking Inside the Enterprise

Sep 9, 2025 By Brian Ramsey, VP Americas - Sales In Xalient
The digital enterprise is no longer primarily made up of individuals' identities. According to Gartner, over 60% of all identities in a typical organization are non-human. These Non-Human Identities (NHIs) are digital identities assigned to software, services, applications, containers, or devices that require access to systems and data. Unlike human identities, NHIs operate autonomously, at scale, and often with high privilege. This makes them essential for modern automation and uniquely vulnerable to misuse.
Read Post
bitsight

Patch vs. Workaround: How CVEs Actually Get Fixed

Sep 9, 2025 By Diogo Ferreira In BitSight
In order to collect various security-related metrics, Bitsight scans the entire internet, collecting a unique set of data that enables us to carry out a variety of studies that would be extremely difficult for any other company to conduct. One of the metrics that we collect is related to the presence of certain vulnerabilities. For this, we need to take into consideration all possible mitigation strategies that are available and that allow us to reduce the risk.
Read Post
elastic

Guide to the OWASP Top 10 for LLMs: Vulnerability mitigation with Elastic

Sep 9, 2025 By Rich Cabrera In Elastic
Industries, governments, and enterprises of all kinds have adopted large language models (LLMs) and generative AI (GenAI) into their operations and workflows, unlocking new possibilities for everything from customer interaction to complex data analysis. But with this innovation comes new challenges for security, observability, and data science teams.
Read Post
Arctic Wolf

CVE-2025-42944: Maximum-Severity OS Command Execution Vulnerability in SAP NetWeaver

Sep 9, 2025 By Andres Ramos In Arctic Wolf
On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity deserialization vulnerability of untrusted Java objects in SAP NetWeaver that resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.