Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-10573: Stored XSS in Ivanti EPM

Dec 17, 2025 By Indusface In Indusface
A critical stored XSS vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager lets attackers poison the admin dashboard with malicious scripts, leading to session hijacking and device compromise. AppTrana blocks these malicious scan submissions at the edge, preventing stored XSS payloads from ever reaching the EPM dashboard, even before patching.
View Video
indusface

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

Dec 17, 2025 By Bhargavi Pallati In Indusface
The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.
Read Post

How to mitigate CVE-2025-32433

Dec 17, 2025 By Fidelis Security In Fidelis Security
A critical Erlang SSH vulnerability (CVE-2025-32433), also known as Chainbreaker, allows attackers to exploit pre-auth SSH behavior for remote code execution. In this video, we break down exactly what security teams need to do — from immediate mitigation to long-term prevention. What you’ll learn in this video: How to mitigate CVE-2025-32433 by upgrading Erlang OTP (27.3.3 / 26.2.5.11 / 25.3.2.20)
View Video
THE FUTURE OF CYBERSECURITY: HOW AI AND MACHINE LEARNING ARE TRANSFORMING PENETRATION TESTING

The Future Of Cybersecurity: How AI And Machine Learning Are Transforming Penetration Testing

Dec 17, 2025 By SecuritySenses In SecuritySenses
In today's rapidly evolving digital landscape, the protection of sensitive information and critical infrastructure has become more paramount than ever. Traditional cybersecurity measures are increasingly being augmented with advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML). These innovations are now transforming the realm of penetration testing, offering enhanced capabilities for identifying and mitigating vulnerabilities.
Read Post

How to detect React2Shell attacks using network-based threat hunting

Dec 16, 2025 By Corelight In Corelight
How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.
View Video
Snyk

Old AI Security vs Evo: Watch Agentic Security Replace Weeks of Manual Work

Dec 16, 2025 By Manoj Nair In Snyk
From intelligent chatbots to autonomous agents, innovation has never moved faster thanks to GenAI. But with the rate of velocity comes a massive new challenge: a class of complex, non-deterministic security risks that traditional cybersecurity methods are simply not equipped to handle. AI-native applications are already running in production. Across industries, teams are deploying copilots, RAG systems, autonomous agents, and AI-powered workflows faster than traditional security processes can keep up.
Read Post
seal security

How Seal Security Helps You Meet FedRAMP Vulnerability Detection and Response Standard

Dec 16, 2025 By Itamar Sher In Seal Security
Earlier this year, FedRAMP RFC-0012 signaled a coming shift in how cloud service providers (CSPs) working with the U.S. federal government are expected to handle vulnerabilities. It outlined plans to move FedRAMP away from simple CVSS-score thresholds and toward continuous, context-aware, exploitability-driven, and automation-first vulnerability management.
Read Post

Fireside Chat: LevelBlue + Tenable Partnership - Unlimited Vulnerability Scanning at No Cost

Dec 16, 2025 By LevelBlue In LevelBlue
Discover how LevelBlue and Tenable are transforming cybersecurity in this exclusive fireside chat featuring Michael Vaughn, Director of Product Management at LevelBlue, and Greg Goetz, VP of Global Strategic Partners at Tenable.
View Video

Proactive WAF Vulnerability Protection & Firewall for AI + Multiplayer Chess Demo in ChatGPT

Dec 16, 2025 By Cloudflare In Cloudflare
In this episode of This Week in NET, we talk with Daniele Molteni, Director of Product Management for Cloudflare’s WAF, about how Cloudflare responded within hours to a newly disclosed React Server Components vulnerability — deploying global protection before the public advisory was even released.
View Video
levelblue

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost

Dec 16, 2025 By LevelBlue In LevelBlue
LevelBlue is redefining what clients and partners can expect from a managed security provider. Through a new partnership with Tenable, a world-class leader in vulnerability management, LevelBlue is introducing unlimited, enterprise-grade vulnerability scanning for all clients and partners using the LevelBlue USM platform — included at no additional cost.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.