Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Golden Image Configuration with Falcon Exposure Management

Apr 19, 2025 By CrowdStrike In CrowdStrike
When configuration drift creeps in, it can lead to inconsistent environments, audit delays, and security gaps. With Golden Image in Falcon Exposure Management, teams can quickly establish a secure baseline and replicate it across the organization. This demo walks through how to set up a policy, assign a rule group, and use a template image to automatically pre-configure benchmark settings. You’ll see how easy it is to detect misconfigurations, fine-tune rules to match your standards, and stay ahead of compliance requirements.
View Video
knowbe4

Powering Down Vulnerability: Securing the Energy Sector's Supply Chain

Apr 18, 2025 By Javvad Malik In KnowBe4
The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain. The Interconnected Web of Energy The energy sector is a complex web of systems, stretching far beyond power plants and wind farms.
Read Post
Arctic Wolf

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

Apr 17, 2025 By Andres Ramos In Arctic Wolf
On April 15, 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for the vulnerability, SonicWall indicated on April 15, 2025 that the vulnerability was being exploited in the wild. The vulnerability was added to CISA’s known exploited vulnerabilities (KEV) catalog the following day.
Read Post
centripetal

Security Bulletin: Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

Apr 17, 2025 By Lauren Farrell In Centripetal
CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.
Read Post
squarex

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions

Apr 16, 2025 By SquareX
SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled "Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out", the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.
Read Post
Snyk

Snyk's Statement on the MITRE CVEs Program Funding Update

Apr 16, 2025 By Danny Allan In Snyk
Over the past several days, the cybersecurity community has watched closely as uncertainty swirled around the future of the MITRE-run CVE (Common Vulnerabilities and Exposures) program following a letter to its board of directors that its federal funding could abruptly end. As of this blog posting, news outlets like Reuters are reporting that a last-minute extension has been granted, providing temporary relief.
Read Post
ionix

The CVE Program Is on Life Support - and So Is Our Outdated Approach to Vulnerability Management

Apr 16, 2025 By Marc Gaffan In IONIX
The cybersecurity community is facing a seismic shift. MITRE’s announcement that its contract to operate the Common Vulnerabilities and Exposures (CVE) program will expire on April 16, 2025, without a clear renewal plan, has sent shockwaves through the industry. This development threatens to dismantle a cornerstone of global cybersecurity coordination.
Read Post
outpost 24

Responsible vulnerability disclosure: Why it matters

Apr 16, 2025 By Marcus White In Outpost 24
The concept of responsible disclosure is a simple one. If you find a vulnerability, you let the affected organization or software vendor know before making the information public. This gives them time to patch the vulnerability before it can be exploited. It also helps maintain trust and fosters a collaborative environment between security researchers and companies. As a cybersecurity vendor, do we want our researchers to be credited when they discover vulnerabilities? Of course.
Read Post
mend

Vector and Embedding Weaknesses in AI Systems

Apr 16, 2025 By Bar-El Tayouri In Mend
AI security threats are evolving at roughly the same speed that AI itself is: extremely fast. One of the most recent—and least understood—vulnerabilities involves vector and embedding weaknesses. These issues have gained attention with their addition to the OWASP Top 10 for LLMs, and the risks are becoming more urgent as Retrieval-Augmented Generation (RAG) continues to dominate enterprise AI adoption.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.