Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What CVE-2025-32433 Is and Why It Matters?

A new critical vulnerability—CVE-2025-32433, also known as the Erlang SSH Chainbreaker—allows attackers to execute commands without authentication. This video breaks down what the flaw is, how the exploit works, why it’s dangerous, and which systems are at risk. In Part 1, you’ll learn:

Severity: CVSS 10.0 — Exploited in the wild
Risk: Full host compromise, data theft, operational disruption.

Exposure Management Platforms Explained

If you work in cybersecurity, you likely know the feeling of the "CVE Treadmill." It is the exhausting cycle where security teams scan systems, log thousands of vulnerabilities, prioritize them by a static severity score, and send tickets to IT to patch them. Then, the next day, they do it all over again. The problem is that the treadmill is moving faster than you are.

Bug Bounty Programs (2025) | Definition, Platforms & Costs

“Tech giants pay hackers millions to hack them – on purpose.” What once sounded like a risky experiment has now become standard practice in cybersecurity. Bug bounty programs have moved from the fringes into the mainstream because traditional defenses alone can’t keep up with today’s scale and sophistication of attacks.

Apache Tomcat Vulnerability CVE-2025-55752: Risk & Protection

CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.

CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager

A newly disclosed vulnerability, CVE-2025-61757, exposes Oracle Identity Manager (OIM) to unauthenticated remote code execution (RCE). The flaw affects OIM versions 12.2.1.4.0 and 14.1.2.1.0 and carries a CVSS 9.8 Critical rating. CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog — meaning active exploitation is confirmed.

Shai-Hulud: The Second Coming Hits npm Users

Once again, the npm supply chain has been compromised, putting developers relying on these vital open source components at risk. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered. This is not an isolated incident. It’s a continuation of an existing campaign that is now abusing CI/CD pipelines and GitHub automation to spread faster and steal more secrets than before.

Introducing Astra Cloud Vulnerability Scanner: Multi-Cloud Security Built for Scale

1.8X, that’s how much cloud vulnerabilities have skyrocketed over the past year, fueled not just by attackers but by the routine tweaks teams make every day. Modern vulnerability scanners were built to find everything that looks risky. They just never learned to tell what actually is. Dashboards lit with thousands of “critical” alerts, endless CSVs, and reports that read like alarm bells on repeat. Yet less than 10 percent of those alerts ever lead to a real exploit.

Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders

Snyk empowers organizations to build fast and stay secure. As security and engineering teams scale their use of Snyk across the enterprise, understanding what's happening across your group and organizations becomes critical–from API integrations and user access patterns to policy changes and security events. However, raw audit logs alone can be overwhelming and difficult to interpret. Security leaders need instant visibility into critical events, risk patterns, and user activity.