Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Arctic Wolf

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Jan 23, 2025 By Julian Tuin In Arctic Wolf
On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.
Read Post
securitysenses

AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

Jan 23, 2025 By SecuritySenses In SecuritySenses
Wallarm's 2025 API ThreatStats Report offers a sweeping look at how AI deployments drive a surge in security risks. In 2024, Wallarm researchers discovered 439 AI-related CVEs-up an astonishing 1,025% from the prior year. Nearly all these flaws, 99%, point back to insecure or mismanaged APIs.
Read Post
Featured Post
ThreatQuotient

Taking a Threat Adapted Approach to Vulnerability Management

Jan 22, 2025 By Chris Jacob, VP and Will Baxter, Security Engineer In ThreatQuotient
As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13th of December 2024) which aimed to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that explored how integrating Threat Intelligence into Vulnerability Management can transform the way organisations prioritise and respond to risks.
Read Post
nucleus

Stop Demonizing CVSS: Fix the Real Problem

Jan 22, 2025 By Scott Kuffer In Nucleus
If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.
Read Post
Pentest People

How Vulnerability Assessments Help Identify and Address Security Weaknesses

Jan 21, 2025 By Kate Watson In Pentest People
A vulnerability assessment systematically evaluates the security of an organisation’s IT infrastructure, aiming to uncover potential flaws. This process not only identifies weaknesses but also provides a roadmap for addressing these vulnerabilities before they are exploited by malicious actors. Through a series of structured steps, including identification, classification, analysis, and remediation, organisations can significantly enhance their cyber security posture.
Read Post
foresiet

Microsoft Corporation Latest Security Update on Actively Exploited Zero-Day Flaws for Safer Digital Operations

Jan 17, 2025 By Foresiet In Foresiet
Organizations need to be watchful and vigilant with their cyber space because cyber threats keep on evolving. And, in fact, urgency is provided by the security update of January 2025 from Microsoft, which patches at least 161 vulnerabilities, including three zero-day flaws actively exploited in the wild.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.