Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. SonicWall states that after identifying the incident they began an investigation containing the incident, terminating the ‘unauthorized access point’, and working with law enforcement and select cybersecurity agencies globally.

On September 17, 2025, WatchGuard released fixes for a critical out-of-bounds write vulnerability (CVE-2025-9242) in the iked process of WatchGuard Fireware OS, which powers their Firebox firewall appliances. This flaw allows a remote unauthenticated threat actor to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN with IKEv2 when configured with a dynamic gateway peer.

JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary code on any pod in the cluster, even in the default configuration of Chaos-Mesh.

This is an ongoing incident and updates will be provided as more information is confirmed.

Security issues in software development often stem not from developers’ lack of concern but from a fundamental disconnect between development and security teams. Each wants to do their job well, but their goals and expectations frequently conflict. This misalignment costs organizations in heightened security risks and tangible operational setbacks. Security issues identified too late in the cycle delay releases and increase project costs.

It’s one thing for us to say Nucleus is changing how enterprises address vulnerability and exposure management. It’s another when three different analyst firms all say it, and at the same time. In recent weeks, Forrester, IDC, and GigaOm each published their latest market evaluations, recognizing Nucleus in all three. That’s rare validation in a market where many vendors don’t even make the cut for inclusion.

On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack, allowing them to gain the privileges of a legitimate user without elevated permissions or insider access.