
CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

On April 24, 2025, watchTowr published technical details and a proof-of-concept (PoC) exploit for a critical vulnerability in Commvault Command Center, CVE-2025-34028, which had been disclosed earlier in April. Commvault Command Center is a web-based interface used to manage data protection, backup, and recovery operations across enterprise environments.

CVE Program Funding Disruption: What It Means for Cybersecurity and Veracode Customers

On April 16, 2025, the cybersecurity community faced a potential crisis as U.S. government funding for the Common Vulnerabilities and Exposures (CVE) program, managed by MITRE and sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), was set to expire.

Exploited! Ingress-NGINX Controller for Kubernetes RCE (CVE-2025-1974, 1097, 1098, 24514) - Patch Now | IONIX

Kubernetes ingress-nginx has disclosed a cluster of critical vulnerabilities (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098 and CVE-2025-24514) affecting all controller releases before the fixed versions v1.11.5 and v1.12.1. The flaws stem from insufficient sanitization of Ingress annotation values, which the controller templates into the auto-generated nginx.conf, so anyone who can create or modify an Ingress object can inject arbitrary NGINX directives. CVE-2025-1974 lowers that bar further: the controller's validating admission webhook, which by default any workload inside the cluster can reach without authentication, renders a submitted Ingress into a configuration and tests it with NGINX, so an unauthenticated in-cluster attacker can obtain code execution in the controller pod, which typically holds cluster-wide Secret read access.
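Two checks an operator would want after reading the above, written as an added example (not code from the page, IONIX or the ingress-nginx project): a version gate against the fixed releases the summary names, and a scan of exported Ingress manifests for annotation values carrying the characters that end one NGINX directive and start another. The manifests are constructed, the annotation name used (auth-url) is an illustrative assumption, and the rendering function is a simplified stand-in for the controller's template, not its real code.

```python
"""Audit ingress-nginx for the March 2025 annotation-injection CVEs.

Added example, not code from the page, IONIX or the ingress-nginx project.
  1. version gate against the fixed releases named on the page
     (v1.11.5 and v1.12.1; older minor lines never received the fix);
  2. scan of nginx.ingress.kubernetes.io/* annotation values for the
     characters that let a value escape the directive it is templated into.
The manifests below are constructed; the annotation shown (auth-url) is an
illustrative assumption and the render functions are simplified stand-ins.
"""
import re

# (major, minor) -> first patched (major, minor, patch)
FIXED_VERSIONS = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}
NGINX_ANNOTATION_PREFIX = "nginx.ingress.kubernetes.io/"
# ';' and newlines terminate a directive, '{' / '}' open or close a block,
# '#' starts a comment: any of them lets a value escape its directive.
INJECTION_PATTERN = re.compile(r"[;\r\n{}#]")


def parse_version(tag: str) -> tuple:
    """Turn 'v1.11.4' / '1.12.0' into (1, 11, 4) / (1, 12, 0)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not m:
        raise ValueError(f"unrecognised controller version tag: {tag!r}")
    return tuple(int(x) for x in m.groups())


def controller_is_vulnerable(tag: str) -> bool:
    """True when the controller predates the fixed release for its minor line."""
    major, minor, patch = parse_version(tag)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # 1.10 and earlier were never patched; 1.13+ shipped after the fix
        return (major, minor) < (1, 11)
    return (major, minor, patch) < fixed


def render_directive_unsafe(value: str) -> str:
    """Simplified stand-in for templating an annotation into nginx.conf
    (not the controller's real template). The value is interpolated verbatim,
    so a ';' inside it ends the directive and the rest is parsed as config."""
    return f"proxy_pass {value};"


def render_directive_safe(value: str) -> str:
    """Hardened variant: refuse any value that could break out of the directive."""
    if INJECTION_PATTERN.search(value):
        raise ValueError("annotation value contains nginx directive delimiters")
    return f"proxy_pass {value};"


def suspicious_annotations(ingress: dict) -> list:
    """nginx annotation keys in one Ingress whose values could inject directives."""
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    return [
        key for key, value in annotations.items()
        if key.startswith(NGINX_ANNOTATION_PREFIX) and INJECTION_PATTERN.search(str(value))
    ]


def audit(ingresses: list) -> dict:
    """Map Ingress name -> flagged annotation keys, omitting clean objects."""
    result = {}
    for ing in ingresses:
        flagged = suspicious_annotations(ing)
        if flagged:
            result[ing["metadata"]["name"]] = flagged
    return result


# Constructed sample manifests (annotation name is an assumption, see above).
SAMPLE_INGRESSES = [
    {"metadata": {"name": "shop-frontend", "annotations": {
        "nginx.ingress.kubernetes.io/auth-url": "https://auth.internal/verify"}}},
    {"metadata": {"name": "evil-ingress", "annotations": {
        "nginx.ingress.kubernetes.io/auth-url":
            "https://auth.internal/verify;\nabsolute_redirect off"}}},
    {"metadata": {"name": "no-annotations"}},
]

if __name__ == "__main__":
    for tag in ("v1.11.4", "v1.11.5", "v1.12.0", "v1.12.1"):
        print(tag, "vulnerable" if controller_is_vulnerable(tag) else "patched")
    print(audit(SAMPLE_INGRESSES))
    bad = SAMPLE_INGRESSES[1]["metadata"]["annotations"]["nginx.ingress.kubernetes.io/auth-url"]
    print(render_directive_unsafe(bad))
```

On a live cluster the input to audit() would be the items of `kubectl get ingress -A -o json`; the annotation scan is a blunt filter and flags legitimate values that contain these characters, which is the right bias for a check run while a patch is still rolling out.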

A Vulnerable Future: MITRE's Close Call in CVE Management

Last week, one of the cybersecurity industry's biggest worries came within hours of becoming a crisis before it was averted at the last minute. On April 16th, 2025, the MITRE Corporation announced: “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Figure: the official letter from MITRE Corp announcing the expiration of the CVE Program contract and its implications.

Exploited! Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability (CVE-2025-32433)

Erlang/OTP ships with an SSH daemon (the ssh application) that many telecom, IoT and Erlang-based deployments (Elixir/Phoenix, RabbitMQ and CouchDB hosts among them) leave running for remote administration or convenience. The daemon's connection-protocol handling accepts messages such as SSH_MSG_CHANNEL_OPEN and SSH_MSG_CHANNEL_REQUEST before authentication has completed, so an attacker who can reach the port can open a channel and request command execution without presenting any credentials; the commands run with the privileges of the SSH daemon, which is often root. The flaw is fixed in OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20.
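The ordering bug described above comes down to one state-machine rule: connection-protocol messages are only valid after SSH_MSG_USERAUTH_SUCCESS. The following Python is an added example (not code from the page or the Erlang/OTP project). It frames and parses the unencrypted SSH binary-packet layout from RFC 4253, reports any connection-protocol message (RFC 4250 numbers 80 to 127, which include SSH_MSG_CHANNEL_OPEN = 90 and SSH_MSG_CHANNEL_REQUEST = 98) seen before authentication succeeded, and shows the dispatch rule a correct server applies. One simplification: real traffic is encrypted after NEWKEYS, so this check belongs inside the server after decryption rather than on a passive capture. Both sample streams are constructed.

```python
"""Flag SSH connection-protocol messages that arrive before authentication.

Added example, not code from the page or the Erlang/OTP project. It frames
and parses the unencrypted SSH binary-packet layout (RFC 4253 section 6),
reports any connection-protocol message (RFC 4250 numbers 80-127, which
include SSH_MSG_CHANNEL_OPEN = 90 and SSH_MSG_CHANNEL_REQUEST = 98) seen
before SSH_MSG_USERAUTH_SUCCESS, and shows the dispatch rule a correct
server applies. Simplification: real traffic is encrypted after NEWKEYS,
so this ordering check belongs in the server after decryption, not on a
passive capture. Both sample streams are constructed.
"""
import struct

SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
CONNECTION_PROTOCOL_RANGE = range(80, 128)   # RFC 4250 connection-protocol block


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Frame a payload as an SSH binary packet (no MAC, no encryption)."""
    padding_len = block_size - ((len(payload) + 5) % block_size)
    if padding_len < 4:                      # RFC 4253 requires >= 4 padding bytes
        padding_len += block_size
    packet_len = 1 + len(payload) + padding_len
    return struct.pack(">IB", packet_len, padding_len) + payload + bytes(padding_len)


def parse_packets(stream: bytes):
    """Yield (message_type, payload) for each packet in an unencrypted stream."""
    off = 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError(f"truncated packet header at offset {off}")
        packet_len, padding_len = struct.unpack_from(">IB", stream, off)
        payload_len = packet_len - padding_len - 1
        if payload_len < 1 or off + 4 + packet_len > len(stream):
            raise ValueError(f"malformed packet at offset {off}")
        payload = stream[off + 5:off + 5 + payload_len]
        yield payload[0], payload
        off += 4 + packet_len


def preauth_connection_messages(stream: bytes) -> list:
    """Message types from the connection protocol seen before USERAUTH_SUCCESS."""
    authenticated = False
    hits = []
    for msg_type, _ in parse_packets(stream):
        if msg_type == SSH_MSG_USERAUTH_SUCCESS:
            authenticated = True
        elif msg_type in CONNECTION_PROTOCOL_RANGE and not authenticated:
            hits.append(msg_type)
    return hits


def hardened_dispatch(msg_type: int, authenticated: bool) -> str:
    """Server-side rule: connection-protocol messages are only valid post-auth."""
    if msg_type in CONNECTION_PROTOCOL_RANGE and not authenticated:
        return "reject"     # a correct server disconnects here
    return "handle"


def _string(b: bytes) -> bytes:
    """SSH 'string' encoding: uint32 length prefix."""
    return struct.pack(">I", len(b)) + b


def _session_channel_messages() -> list:
    """CHANNEL_OPEN for a session, then a CHANNEL_REQUEST of type 'exec'."""
    chan_open = (bytes([SSH_MSG_CHANNEL_OPEN]) + _string(b"session")
                 + struct.pack(">III", 0, 0x200000, 0x8000))
    chan_req = (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", 0)
                + _string(b"exec") + b"\x01" + _string(b"id"))
    return [chan_open, chan_req]


def constructed_preauth_stream() -> bytes:
    """Client that opens a session channel right after key exchange, skipping userauth."""
    msgs = [bytes([SSH_MSG_KEXINIT]) + bytes(16), bytes([SSH_MSG_NEWKEYS]),
            bytes([SSH_MSG_SERVICE_REQUEST]) + _string(b"ssh-userauth")]
    msgs += _session_channel_messages()
    return b"".join(build_packet(m) for m in msgs)


def constructed_normal_stream() -> bytes:
    """Same channel messages, but only after a successful userauth exchange."""
    msgs = [bytes([SSH_MSG_KEXINIT]) + bytes(16), bytes([SSH_MSG_NEWKEYS]),
            bytes([SSH_MSG_SERVICE_REQUEST]) + _string(b"ssh-userauth"),
            bytes([SSH_MSG_USERAUTH_REQUEST]) + _string(b"alice"),
            bytes([SSH_MSG_USERAUTH_SUCCESS])]
    msgs += _session_channel_messages()
    return b"".join(build_packet(m) for m in msgs)


if __name__ == "__main__":
    print("pre-auth hits:", preauth_connection_messages(constructed_preauth_stream()))  # [90, 98]
    print("normal session:", preauth_connection_messages(constructed_normal_stream()))  # []
```

The hardened_dispatch() rule is the whole fix in miniature: the message number alone tells the server which protocol layer a packet belongs to, so refusing the 80-127 range until authentication has succeeded closes the path regardless of what the channel request asks for.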

How Seemplicity Builds Integrations at Lightning Speed

When it comes to exposure management, actionable context is key. Security teams don’t just need data – they need the right insights, in the right place, at the right time to drive remediation activities. That’s why seamless integrations between security and workflow tools are essential. At Seemplicity, building these integrations quickly and effectively isn’t just a goal, it’s a core competency.

Snyk Ushers in the Future of DAST: AI-Driven Security for the Age of AI-Driven Development

I'm thrilled to announce Snyk API & Web, our next-generation dynamic application security testing (DAST) solution. It's more than just a product launch; it's Snyk’s answer to securing the complex, AI-powered applications developers are building today, deepening the integration of DAST into our comprehensive Developer Security Platform.