Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

salt security

React2Shell: The Frontend Vulnerability That Unlocks Your Internal APIs

Dec 10, 2025 By Eric Schwake In Salt Security
The cybersecurity world is currently buzzing about React2Shell (CVE-2025-55182), a critical remote code execution (RCE) vulnerability affecting React and Next.js. The scale of the threat is massive: researchers have already identified over 77,000 vulnerable IP addresses exposed to the internet, and confirmed that state-sponsored actors and opportunistic crypto miners have already breached at least 30 organizations. But if you look closely, this isn't really a story about React.
Read Post
Zenity

The OWASP Top 10 for Agentic Applications: A Milestone for the Future of AI Security

Dec 10, 2025 By Kayla Underkoffler In Zenity
The OWASP GenAI Security Project has officially released its Top 10 for Agentic Applications, the first industry-standard framework focused on the operational risks created by autonomous and semi-autonomous AI systems. AI has evolved in a way that directly changes how enterprises need to think about security. We started with machine learning systems designed to classify and predict.
Read Post

AI, Creators & Agentic Commerce - A Conversation with Cloudflare CSO Stephanie Cohen

Dec 10, 2025 By Cloudflare In Cloudflare
In this episode of This Week in NET, host João Tomé sits down with Stephanie Cohen, Cloudflare’s Chief Strategy Officer, for a candid conversation about AI, content creators, financial services, partnerships, and the future of the Internet. Stephanie shares how Cloudflare is helping keep the Internet open and resilient — from giving creators transparency and control over AI scraping, to enabling new models of agentic commerce through partnerships with Visa and Mastercard, to empowering organizations of all sizes through Cloudflare’s global network.
View Video
cato networks

Mitigating Credential Phishing in the Age of AI and Cloud Convergence

Dec 10, 2025 By Dr. Guy Waizel In Cato Networks
Phishing remains one of the most effective methods for stealing credentials and breaching enterprise environments. Despite advanced email and browser protections, attackers now leverage AI, and automation to outpace traditional defenses. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involve the human element, often triggered within seconds of a phishing lure, just 21 seconds to click and 28 seconds to submit credentials.
Read Post

Charlotte AI - 2025 MITRE ATT&CK Enterprise Evaluations

Dec 10, 2025 By CrowdStrike In CrowdStrike
The 2025 MITRE ATT&CK Enterprise Evaluations featured sophisticated cross-domain attacks from Scattered Spider, and CrowdStrike's Charlotte AI proved essential in delivering 100% detection and protection with zero false positives. Charlotte AI accelerated every stage of security operations with Agentic Detection Triage for instant verdicts, Agentic Response that investigates alerts like expert analysts, and command-line analysis in plain language.
View Video
kovrr

Transforming AI Risk Awareness Into Measurable AI Governance

Dec 9, 2025 By Kovrr In Kovrr
Only a few years ago, after more than a decade of debate over how cybersecurity incidents affect the financial stability of public companies, the U.S. Securities and Exchange Commission (SEC) finally made cyber risk disclosure a formal requirement. The intent was to bring transparency and accountability to a category of risk that had long been treated as technical rather than financial. Now, albeit voluntarily, AI has entered that same conversation, but the speed of its arrival has been remarkable.
Read Post
teramind

How AWS WorkSpaces & Teramind Enhance Workforce Intelligence

Dec 9, 2025 By Teramind In Teramind
Teramind, an ISV Accelerate AWS Partner, delivers a crucial layer of visibility, security, and productivity management that highly complements the Amazon WorkSpaces Family services. This partnership ensures customers move beyond the architectural security and agility provided by AWS to gain granular control over user behavior, insider risk, and operational efficiency within their virtual desktop infrastructure (VDI).
Read Post
1Password

The role of credentials in the AI espionage campaign reported by Anthropic

Dec 9, 2025 By Anand Srinivas In 1Password
Anthropic recently announced that the company has disrupted the first reported AI-orchestrated cyber espionage campaign. This attack used Claude Code to automate many steps, with AI handling up to 90% of the tasks, including web searches and the autonomous writing of exploit code. The attackers bypassed Claude’s guardrails by breaking each step into small tasks and role-playing as a red team member.
Read Post

The CISO's Al Dilemma: How Security Leaders Are Making or Breaking Their Company's Future

Dec 9, 2025 By Salt Security In Salt Security
AI agents are transforming how leading companies operate, delivering 24/7 customer service, processing thousands of transactions, and driving unprecedented operational efficiency. 53% of organizations are already deploying AI agents for customer-facing tasks, with market leaders running hundreds or thousands of agents to gain a competitive advantage. These agents handle sensitive data, trigger transactions, and make autonomous decisions at machine speed. But the APIs that power them are becoming a vast, overlooked attack surface.
View Video

The Business Logic Paradox: Hackers Are Your Best Architects #businesslogic #cybersecurity #api

Dec 9, 2025 By Wallarm In Wallarm
Here is the truth: To exploit Business Logic Abuse, hackers must understand your application flow holistically. Your individual developers focus on clean code within their one block. The attacker studies the entire blueprint and finds the gaps and missing connections between those blocks. They are committed-spending months on reconnaissance to know your product better than your own team. You must adopt the attacker's mindset in your design stages!
View Video

Copyright © 2026 OpsMatters™. All rights reserved.