%term

FortiWeb CVE-2025-58034: Exploited Zero-Day Command Injection in WAF

Nov 20, 2025 By Foresiet In Foresiet

Dissecting the active-in-the-wild OS command injection vulnerability and its implications for enterprise threat monitoring In November 2025, threat intelligence teams began warning of a newly discovered zero-day vulnerability in a widely-deployed web application firewall appliance. The vulnerability — CVE-2025-58034 — allows authenticated attackers to execute arbitrary OS commands via crafted HTTP requests or CLI commands.

Read Post

Foresiet

Read more about FortiWeb CVE-2025-58034: Exploited Zero-Day Command Injection in WAF

Remediation Agent: Step-By-Step Guidance for Faster Fixes

Nov 20, 2025 By Kevin Swan In Seemplicity

Remediation shouldn’t require research. Seemplicity’s Remediation Agent embeds clear, asset-specific, step-by-step guidance directly into every finding – eliminating ambiguity, reducing rework, and accelerating time-to-resolution. Learn how it standardizes fixes, supports all skill levels, and removes one of the biggest bottlenecks in exposure management.

Read Post

Seemplicity

Read more about Remediation Agent: Step-By-Step Guidance for Faster Fixes

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Nov 19, 2025 By SquareX

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API.

Read Post

Read more about Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

OWASP Named Software Supply Chain Failures. Now It's Time to Fix Them.

Nov 19, 2025 By Bruce Gibson In Seal Security

Since OWASP unveiled its 2025 Top 10, one of the most-discussed items has been A03: Software Supply Chain Failures. For many in AppSec, this came as no surprise; enterprise software’s reliance on open source has become one of its greatest strengths and arguably its biggest liability.

Read Post

Seal Security

Read more about OWASP Named Software Supply Chain Failures. Now It's Time to Fix Them.

UK Cyber Security and Resilience Bill: What you need to know

Nov 19, 2025 By Marcus White In Outpost 24

The UK government introduced the Cyber Security and Resilience Bill to Parliament on November 12th, 2025. Science, Innovation and Technology Secretary Liz Kendall stated: “Cybersecurity is national security. This legislation will enable us to confront those who would disrupt our way of life.” If you work in healthcare, energy, water, transport, or supply IT services to these sectors, this legislation will directly affect how you manage cybersecurity.

Read Post

Outpost 24

Read more about UK Cyber Security and Resilience Bill: What you need to know

Windsurf's NEW Model Built This App...

Nov 19, 2025 By Snyk In Snyk

Windsurf's NEW Model Built This App...

View Video

Snyk

Read more about Windsurf's NEW Model Built This App...

How Managed Cybersecurity Services Reduce Risk and Enable Business Growth

Nov 19, 2025 By SecuritySenses In SecuritySenses

Today's organizations of all sizes face increasing pressure to protect sensitive data, maintain compliance, and defend against sophisticated cyberattacks. At the same time, they must continue innovating, scaling, and delivering exceptional customer experiences. This dual mandate-security and growth-can feel at odds for many companies.

Read Post

SecuritySenses

Read more about How Managed Cybersecurity Services Reduce Risk and Enable Business Growth

Astra Security: Automated Pentesting & Vulnerability Remediation #cybersecuritycompany #startup

Nov 18, 2025 By Astra Security In Astra

View Video

Astra

Read more about Astra Security: Automated Pentesting & Vulnerability Remediation #cybersecuritycompany #startup

How Outpost24 delivers operational resilience for DORA

Nov 18, 2025 By Marcus White In Outpost 24

The EU’s Digital Operational Resilience Act (DORA) has just turned a year old. This regulation represented a fundamental shift in how the financial sector manages ICT risk, moving beyond traditional compliance to demand continuous, demonstrable digital operational resilience. A year on, the focus has changed. Organizations can no longer just avoid cyber incidents. They need to prove they can withstand, respond to, and recover from disruptions quickly and effectively.

Read Post

Outpost 24

Read more about How Outpost24 delivers operational resilience for DORA

CVE-2025-55752: Apache Tomcat Path Traversal Vulnerability

Nov 18, 2025 By Deepak Kumar Choudhary In Indusface

Apache Tomcat continues to play a central role in hosting Java-based web applications across enterprises, cloud services, and government systems. Its reliability and lightweight architecture make it a go-to choice for developers, but its ubiquity also means that a single vulnerability can have widespread security implications. CVE-2025-55752, disclosed in late 2025, highlights how a subtle processing regression can evolve into a high-impact vulnerability under the right conditions.

Read Post