Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 13, 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The vulnerability allows remote unauthenticated threat actors to execute arbitrary code or commands via crafted HTTP requests. In the advisory Fortinet stated that the vulnerability has been exploited in the wild on FortiVoice.

Cyberthreats are evolving, and unpatched vulnerabilities remain one of the biggest security risks for organizations. According to IBM’s 2024 Cost of a Data Breach Report, organizations that fail to patch known vulnerabilities face an average loss of $4.45 million per incident. Cybercriminals actively exploit outdated firmware and misconfigurations in network devices, making network vulnerability scanners an essential security tool.

At RSAC 2025, Snyk focused on the future of cybersecurity, particularly the impact of generative AI on software security. We connected with key leaders and partners to advance this discussion and anticipate further progress in 2025.

Game development studios face enormous pressure to deliver immersive, high-performance experiences on a rigid schedule, all while ensuring that every release meets the highest standards for quality and security. For security teams, keeping up with fast-moving codebases, short release cycles, and a flood of vulnerabilities is no easy feat.

The Apache Software Foundation has disclosed a high-severity vulnerability in Apache Tomcat that could let attackers exploit improperly handled Priority headers in HTTP/2 to cause a denial of service (DoS). Tracked as CVE-2025-31650, this flaw stems from improper input validation, specifically when the server handles malformed Priority headers in HTTP/2, resulting in memory leaks and potential OutOfMemoryExceptions.

SysAid has patched a critical XML External Entity (XXE) flaw that lets unauthenticated attackers turn a routine /mdm check-in request into full administrator compromise—and, when chained with a newly disclosed command-injection bug, into remote code execution (RCE). The vulnerability, tracked as CVE-2025-2775, affects all SysAid On-Prem deployments up to 23.3.40 and is now fixed in 24.4.60.

Security teams don’t need more alerts, they need fewer bottlenecks. In most organizations, remediation still runs on manual effort: ticket chasing, asset tagging, SLA tracking, endless email threads. It’s slow, fragmented, and risky for each organization. According to Seemplicity’s 2025 Remediation Operations Report, 91% of organizations face remediation delays, with the top two most common causes being collaboration and communication challenges (31%) and manual processes (19%).

Digital Risk Protection (DRP) lets organizations proactively identify and mitigate external threats that emerge from their digital footprints. This can span public sources as well as deep and dark web channels. DRP is a key element of Outpost24’s external attack surface management (EASM) platform, so we’re pleased to announce two new integrations have been added: Social Media and Data Leakage. These new DRP modules will help cybersecurity teams to.