Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments

Dec 8, 2025 By Pavithra Hanchagaiah In Indusface
A critical vulnerability, CVE-2025-66516 (CVSS 10.0), has been identified in Apache Tika, affecting how the framework processes PDF files containing XFA (XML Forms Architecture) data. The vulnerability resides in tika-core, which means any system using Tika’s default parsing behavior remains vulnerable even if the PDF parser module was previously patched. No special configuration or insecure application code is required; simply ingesting a malicious PDF is enough to trigger the exploit.
Read Post
indusface

React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js

Dec 5, 2025 By Bhargavi Pallati In Indusface
The modern JavaScript ecosystem was shaken this week as Meta, Vercel, Google Cloud, AWS, and leading security researchers revealed two critical issues: CVE-2025-55182 and the downstream Next.js variant CVE-2025-66478. Both are rated CVSS 10 and allow remote code execution (RCE) by exploiting weaknesses in the React Server Components (RSC) “Flight” protocol. The vulnerabilities affect React 19 and all major frameworks embedding the RSC implementation, most notably Next.js 15.x and 16.x.
Read Post

NIST SP 800-53 r5 Compliance Made Simple with AppTrana

Dec 5, 2025 By Indusface In Indusface
With over 32,000 security incidents reported by U.S. federal agencies in the past year, cyber risks are growing in scale and complexity. NIST SP 800-53 r5 provides a comprehensive framework of security and privacy controls to help organizations manage risk, protect critical systems, and maintain regulatory compliance.
View Video

Accelerate Your FedRAMP Journey with AppTrana WAAP

Dec 5, 2025 By Indusface In Indusface
Achieving FedRAMP compliance is complex, but AppTrana WAAP simplifies it. This video explains how AppTrana delivers continuous vulnerability scanning, attack prevention, SIEM-friendly audit logs, real-time incident response, and automated remediation through SwyftComply. Perfect for CISOs, compliance teams, and cloud security leaders preparing for FedRAMP audits.
View Video
indusface

LLMs, Quantum Computing, and the Top Challenges for CISOs in 2026

Dec 5, 2025 By Vinugayathri Chinnasamy In Indusface
Cybersecurity in 2026 is entering its most transformative and volatile phase yet. For CISOs, the landscape is no longer defined only by web, network, and cloud threats. Instead, attackers now target AI/LLM systems, APIs, identity platforms, SaaS ecosystems and supply chains. The surge in attacks across applications, APIs, and GenAI systems indicates that adversaries are scaling faster, using automation, AI-assisted exploitation, and new social engineering vectors.
Read Post
indusface

CVE-2025-54057: Stored XSS Vulnerability in Apache SkyWalking Exposes Monitoring Dashboards to Attackers

Dec 2, 2025 By Bhargavi Pallati In Indusface
Apache SkyWalking is one of the most widely adopted open-source Application Performance Monitoring (APM) and observability platforms, trusted by developers and DevOps teams to visualize telemetry, trace distributed systems, and ensure application uptime. However, a recently disclosed vulnerability has revealed that the very dashboards designed to improve visibility could be turned into attack vectors.
Read Post

Apache Tomcat Vulnerability CVE-2025-55752: Risk & Protection

Nov 28, 2025 By Indusface In Indusface
CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.
View Video

Inside Adhaar : Challenges of Securing the World's Largest Digital Identity System #cybersecurity

Nov 28, 2025 By Indusface In Indusface
Discover what it takes to secure Aadhaar, the world’s largest digital identity system. This teaser dives into the massive responsibility behind protecting over a billion citizens’ data powered by strict privacy guardrails, zero-trust principles, encryption, biometric template protection, and privileged access management at national scale. In this clip from Guardians of the Enterprise, Nishith Kumar Datta (Head of Cybersecurity & InfoSec, Titan) shares his insights on the challenges and discipline required to secure such a critical national platform.
View Video
indusface

How to Automate API Security Testing During CI/CD

Nov 28, 2025 By Vinugayathri Chinnasamy In Indusface
During the first half of 2025, APIs faced significantly higher number of attacks than traditional web applications. On average, attacks per API host were 72% higher than those targeting websites, and exploitation of API vulnerabilities surged 13× compared to a 27% increase for website vulnerabilities, according to the State of Application Security Global H1 2025.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.