Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

squarex

Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33

Aug 28, 2025 By SquareX
It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69% of users globally enabling passkeys in at least one account. The passkey promise is simple - eliminate passwords, eliminate vulnerabilities.
Read Post

Nx npm Malware Explained: AI Agent Hijacking

Aug 28, 2025 By Snyk In Snyk
Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and exfiltrate sensitive data to public GitHub repos named “s1ngularity-repository-*.” We break down what happened, affected versions, and how to check + respond (rotate credentials, hunt IoCs, and more). Resources.
View Video
Snyk

Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident

Aug 27, 2025 By Liran Tal In Snyk
On August 26–27, 2025 (UTC), eight malicious Nx and Nx Powerpack releases were pushed to npm across two version lines and were live for ~5 hours 20 minutes before removal. The attack also impacts the Nx Console VS Code extension.
Read Post
ionix

CVE-2025-7775: Memory Overflow Vulnerability in Citrix NetScaler ADC and Gateway

Aug 27, 2025 By Tal Zamir In IONIX
On August 26th, 2025, Citrix patched CVE‑2025‑7775, a memory overflow vulnerability in NetScaler ADC and Gateway appliances that allows unauthenticated remote code execution (RCE) and/or denial-of-service. This threat is confirmed to be actively exploited in the wild. Citrix strongly emphasized that no mitigations exist aside from applying the patch immediately.
Read Post

Intel Chat: Apache ActiveMQ, Elastic EDR vulnerability, kernel-level EDR killers & PipeMagic [241]

Aug 26, 2025 By LimaCharlie In LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
View Video
1Password

Clickjacking: What it means for 1Password users

Aug 26, 2025 By Jacob DePriest In 1Password
This blog details how 1Password has addressed clickjacking in the latest version of our browser extension (version 8.11.7). We have no indication that this class of vulnerability directly puts 1Password’s systems at risk. Clickjacking is a technique where a malicious or compromised webpage visually disguises or overlays elements of a page or browser extension, like the autofill menu, so that a user unintentionally clicks on them.
Read Post

Black Hat 2025 - From Chaos to Control - How Bank Of Hope Achieved Zero Critical Vulnerabilities

Aug 26, 2025 By Nucleus Security In Nucleus
At Black Hat 2025, Nucleus Security and Bank of Hope shared how a small but determined security team transformed its vulnerability management program into a risk-driven, automated operation.
View Video
Arctic Wolf

CVE-2025-7775: Critical Citrix NetScaler Zero-Day RCE Exploited to Drop Webshells

Aug 26, 2025 By Andres Ramos In Arctic Wolf
On August 26, 2025, Citrix released fixes for a critical vulnerability in Citrix NetScaler ADC and Gateway (CVE-2025-7775) that has been exploited on unpatched appliances. The issue stems from a memory overflow flaw that could allow Remote Code Execution (RCE) and/or Denial of Service (DoS) by remote threat actors.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.