Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

IngressNightmare: Analysis of Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

On March 24, 2025, Wiz Research disclosed a series of critical vulnerabilities in Ingress NGINX Controller for Kubernetes, collectively dubbed IngressNightmare. These unauthenticated Remote Code Execution (RCE) vulnerabilities have been assigned a CVSS base score of 9.8. According to Wiz Research, exploitation allows attackers to gain unauthorized access to all secrets across all namespaces in affected Kubernetes clusters, potentially leading to complete cluster takeover.

Detecting and Mitigating IngressNightmare - CVE-2025-1974

On Monday, March 24, 2025, a set of critical vulnerabilities affecting the admission controller component of the Ingress NGINX Controller for Kubernetes was announced. In total, five vulnerabilities were announced; the most severe, CVE-2025-1974 (CVSS 9.8), may result in remote code execution (RCE). Exploitation of this vulnerability can be detected with Sysdig Secure or the Falco rule provided in this article.

Security Bulletin: GitHub Action Supply Chain Attack - reviewdog/action-setup

On March 11, 2025, a supply chain attack targeted the widely used GitHub Action reviewdog/action-setup@v1, leading to the exposure of sensitive CI/CD secrets across multiple repositories. The attack was identified by Wiz Research, which determined that this compromise played a pivotal role in the tj-actions/changed-files incident (Wiz, 2025).

GPSec Boston 2025 - CTEM: How to Start When You Haven't Started

What does it really take to start a Continuous Threat Exposure Management (CTEM) program—especially if your organization hasn’t formally begun? In this GPSec Boston 2025 session, Scott Kuffer, COO and Co-founder of Nucleus Security, joins Chris Peltz, Director of Security Strategy at GuidePoint Security, to demystify CTEM by stripping away the buzzwords and breaking down the practical steps for getting started.

CVE-2025-1974: Critical Unauthenticated RCE Vulnerability in Ingress NGINX for Kubernetes

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters.

Nation-State Threat Actors Leverage Windows Shortcut Vulnerability

The newly found Windows shortcut vulnerability is now being actively exploited by state-sponsored Advanced Persistent Threat (APT) actors to execute covert malicious commands. According to new research conducted by Trend Micro's Zero Day Initiative (ZDI), the vulnerability, designated as ZDI-CAN-25373, is now being exploited by Chinese, Iranian, North Korean, and Russian threat actors for worldwide cyber espionage and data theft.

POAM Process Automation: Breaking the Manual Grind

Plans of Action and Milestones (POAM) play a critical role in public sector cybersecurity. In this webinar with government IT solutions provider Carahsoft, we break down the challenges security teams face when implementing POAMs, sharing real-life examples of where things go wrong and why. As part of the presentation, we also cover the intensive math of POAM programs: people, systems, and time.

CVE-2025-29927 - Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability, CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases, exploitation of the vulnerability can also lead to cache poisoning and denial of service.

CrowdStrike Falcon Exposure Management Expands Security to Unmanaged Network Assets with Network Vulnerability Assessment

As organizations strengthen endpoint and cloud security, attackers are shifting their focus to often-overlooked network infrastructure like routers, switches, and firewalls. Legacy vulnerability management (VM) solutions struggle to keep pace, relying on slow, periodic scans that fail to provide real-time visibility into emerging threats.

Falcon Exposure Management Network Vulnerability Assessment: Demo Drill Down

Traditional network vulnerability scanners leave your critical network assets vulnerable, providing outdated visibility and ineffective prioritization. Falcon Exposure Management's Network Vulnerability Assessment (NVA) delivers real-time visibility, AI-powered prioritization with ExPRT.AI, and seamless integration for automated remediation. This demo showcases how NVA streamlines your security strategy, ensuring precise focus on threats that matter most and proactively protecting your network.