
From Hats to Heartfelt Advice: Takeaways from a Fireside Chat with CISO @ Crocs

The fireside chat with Crocs CISO Lena Taylor at our Denver event brought together cybersecurity professionals, allies, and leaders for an evening of honest insight and community. From redefining work-life balance to knowing when to pursue new opportunities, Lena shared grounded, real-world wisdom that resonated far beyond career advice. Here’s a look at the biggest takeaways from the discussion and why the night left such a lasting impression.

The Missing Link in OWASP is Found: Business Logic Abuse (#owasp #owasptop10 #businesslogic)

For years, security lists focused on technology (Cloud, Mobile, Serverless). We desperately needed a list that focused on the core problem: flawed application logic, regardless of the stack. The OWASP Top 10 Business Logic Abuse (BLA) list fills that critical, architectural gap. Why? Because exploitation often happens between technologies, not within them. We must be able to categorize and talk about these intricate logic threats in a technology-agnostic way.

SHA1-Hulud, npm supply chain incident

On November 24th, 2025, we identified a new supply chain attack in the npm ecosystem, referred to as SHA1-Hulud. We believe this is a second wave of the Shai-Hulud attack, which occurred in September 2025. Snyk will continue monitoring this active incident until it is resolved. Updates on this incident will be on our trust center.

Emerging Threat: CVE-2025-41115 - Critical SCIM Privilege Escalation in Grafana Enterprise

CVE-2025-41115 is a critical privilege escalation and user-impersonation vulnerability in Grafana Enterprise. The issue occurs within the SCIM (System for Cross-domain Identity Management) provisioning feature. When SCIM is enabled, Grafana incorrectly maps the externalId field supplied by a SCIM client to an internal user.uid.

More Security, Speed, and Compliance: New Features from Seal Security

We are excited to announce a new wave of updates designed to streamline your development process, enhance security auditability, and dramatically improve platform performance. At Seal Security, our focus remains on giving you the easiest and most effective way to manage and remediate open source vulnerabilities. Your feedback drives our innovation, and we're thrilled to introduce capabilities that make the platform faster, cleaner, and more compliant.

OWASP Top 10 2025 Edition - The 443 Podcast - Episode 350

This week on the podcast, we cover OWASP’s update to the top 10 web application security weaknesses and its changes from the 2021 list. We also cover a recently uncovered adversary-in-the-middle campaign that’s pushing malicious software updates to targeted systems. We conclude with our opinions on Microsoft’s latest AI features, which are coming to Windows.

CVE-2025-9501: Identifying High-Risk WordPress Instances Using W3 Total Cache

CVE-2025-9501 is a critical remote code-execution vulnerability affecting W3 Total Cache versions prior to 2.8.13, a plugin used by more than a million WordPress sites to improve performance and caching. The issue lies in the plugin’s _parse_dynamic_mfunc handler, which can process user-controlled inputs inside dynamic fragments.

Remediation Agent: Step-By-Step Guidance for Faster Fixes

Remediation shouldn’t require research. Seemplicity’s Remediation Agent embeds clear, asset-specific, step-by-step guidance directly into every finding – eliminating ambiguity, reducing rework, and accelerating time-to-resolution. Learn how it standardizes fixes, supports all skill levels, and removes one of the biggest bottlenecks in exposure management.