Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

CVE-2026-25639: Axios Vulnerability Triggers DoS in Node.js Applications

Feb 24, 2026 By Deepak Kumar Choudhary In Indusface
A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially crafted configuration object, attackers can trigger a fatal runtime error inside Axios’s internal request handling logic, causing the Node.js process to crash instantly.
Read Post

How AI is Reshaping Cyber Threats

Feb 19, 2026 By Indusface In Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how AI is reshaping the cyber threat landscape. They discussed how attackers are now leveraging AI to launch more sophisticated phishing campaigns, automate malware, and scale attacks faster than ever before. As AI lowers the barrier to entry, the speed and complexity of attacks continue to increase, making it harder for organizations to keep up.
View Video

Vulnerability Remediation: From Scan Results to Real Fixes

Feb 19, 2026 By Indusface In Indusface
Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.
View Video
indusface

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

Feb 17, 2026 By Deepak Kumar Choudhary In Indusface
A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files on exposed websites. Tracked as CVE-2026-1357, the vulnerability affects vulnerable versions of the plugin and enables remote code execution through network-accessible functionality intended for backup and migration workflows. With over 900,000 active installations, WPvivid is widely deployed across production WordPress environments.
Read Post
indusface

CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM

Feb 13, 2026 By Bhargavi Pallati In Indusface
Approximately 1,600 Ivanti Endpoint Manager Mobile (EPMM) instances are currently exposed globally, creating a significant attack surface for enterprise mobile infrastructure. Ivanti has disclosed two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, that allow unauthenticated remote code execution on affected on-premises deployments. CVE-2026-1281 has been confirmed exploited prior to disclosure and is now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Read Post

AI Attacks, CaaS & the New Reality of Banking Security

Feb 13, 2026 By Indusface In Indusface
This week, in the episode – Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, speaks with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), on how large financial institutions are navigating a rapidly evolving cyber threat landscape. The conversation covers the rise of AI-driven attacks, Cybercrime-as-a-Service (CaaS), and the growing complexity that comes with expanding digital footprints across cloud, applications, and APIs.
View Video

Metro4Shell RCE (CVE-2025-11953) Is Putting Apps at Risk

Feb 10, 2026 By Indusface In Indusface
A critical vulnerability known as Metro4Shell (CVE-2025-11953) has been identified in the React Native Metro development server, enabling unauthenticated remote code execution when exposed beyond localhost. Active exploitation is already underway, with attackers targeting exposed development environments to gain system-level access. For more insights on website and API security fundamentals, subscribe to our newsletter.
View Video
indusface

CVE-2025-11953 - Metro4Shell RCE in React Native Metro Server

Feb 6, 2026 By Bhargavi Pallati In Indusface
A critical unauthenticated remote code execution (RCE) vulnerability has been identified in the React Native Metro development server, with nearly 3,500 exposed instances currently reachable on the public internet. Tracked as CVE-2025-11953, also known as Metro4Shell, this flaw affects the Metro server used during React Native application build and testing workflows.
Read Post

Security Priorities and Expectations: A Board Level Overview

Jan 28, 2026 By Indusface In Indusface
Compliance. Reporting. Risk visibility. These are no longer checkbox exercises in the boardroom. Today’s boards expect more than confirmation that regulations are being met. With evolving threats and AI-driven risk, they want regular, structured visibility into vulnerabilities, before gaps turn into incidents.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.