Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident

Aug 27, 2025 By Liran Tal In Snyk
On August 26–27, 2025 (UTC), eight malicious Nx and Nx Powerpack releases were pushed to npm across two version lines and were live for ~5 hours 20 minutes before removal. The attack also impacts the Nx Console VS Code extension.
Read Post
ionix

CVE-2025-7775: Memory Overflow Vulnerability in Citrix NetScaler ADC and Gateway

Aug 27, 2025 By Tal Zamir In IONIX
On August 26th, 2025, Citrix patched CVE‑2025‑7775, a memory overflow vulnerability in NetScaler ADC and Gateway appliances that allows unauthenticated remote code execution (RCE) and/or denial-of-service. This threat is confirmed to be actively exploited in the wild. Citrix strongly emphasized that no mitigations exist aside from applying the patch immediately.
Read Post

Black Hat 2025 - From Chaos to Control - How Bank Of Hope Achieved Zero Critical Vulnerabilities

Aug 26, 2025 By Nucleus Security In Nucleus
At Black Hat 2025, Nucleus Security and Bank of Hope shared how a small but determined security team transformed its vulnerability management program into a risk-driven, automated operation.
View Video
Arctic Wolf

CVE-2025-7775: Critical Citrix NetScaler Zero-Day RCE Exploited to Drop Webshells

Aug 26, 2025 By Andres Ramos In Arctic Wolf
On August 26, 2025, Citrix released fixes for a critical vulnerability in Citrix NetScaler ADC and Gateway (CVE-2025-7775) that has been exploited on unpatched appliances. The issue stems from a memory overflow flaw that could allow Remote Code Execution (RCE) and/or Denial of Service (DoS) by remote threat actors.
Read Post

Intel Chat: Apache ActiveMQ, Elastic EDR vulnerability, kernel-level EDR killers & PipeMagic [241]

Aug 26, 2025 By LimaCharlie In LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
View Video
1Password

Clickjacking: What it means for 1Password users

Aug 26, 2025 By Jacob DePriest In 1Password
This blog details how 1Password has addressed clickjacking in the latest version of our browser extension (version 8.11.7). We have no indication that this class of vulnerability directly puts 1Password’s systems at risk. Clickjacking is a technique where a malicious or compromised webpage visually disguises or overlays elements of a page or browser extension, like the autofill menu, so that a user unintentionally clicks on them.
Read Post
Trustwave

The Next Level of Managed Vulnerability Scanning: Authenticated and Unauthenticated Scans

Aug 25, 2025 By Mary Eduel Neyra In Trustwave
Trustwave, A LevelBlue Company, is a huge proponent of employing offensive security tactics to ensure a client is properly protected. For Trustwave, the reason is obvious. Offensive security is an effective approach to evaluate and enhance an overall security posture. We’ve written about this before (just check here, here, and here), but today we will explore the difference between an Authenticated Scan and an Unauthenticated Scan. Let’s set the stage by defining the two types of scans.
Read Post

The Surprising Truth About GPT-5 in Cursor's Agent Mode

Aug 25, 2025 By Snyk In Snyk
In this video, I test out GPT-5 by asking it to build a simple and secure Node.js notes app that lets users create, read, update, and delete notes. I run two experiments — one without a security MCP server and one with it — to see how well the new model handles both functionality and security.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.