Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From Code to Agents: Proactively Securing AI-Native Apps with Cursor and Snyk

The rapid adoption of AI agents for development is creating a critical security gap. We are moving from predictable logic, deterministic code paths, and human-driven workflows to non-deterministic agents that reason, plan, and act autonomously using large language models across the broader software development lifecycle. As enterprises adopt these autonomous AI agents, the core challenge isn’t just the new risks and attack vectors; it’s a loss of runtime control.

Ultimate Guide to Vulnerability Assessment: What, Why & How (2026 Edition)

If you’re an IT MSP, vulnerability assessment has grown from a river to a flood over the last couple of years. In 2020, there were 18,000 recorded common vulnerabilities and exposures (CVEs). By 2024, that number had more than doubled, eclipsing 40,000. And 2025 is showing no signs of reversing the trend. The rise of vulnerabilities means that manual vulnerability assessment is no longer possible.

CVE-2025-14733: WatchGuard Firebox iked Out of Bounds Write Vulnerability Exploited in the Wild

On December 18, 2025, WatchGuard released fixes for CVE-2025-14733, a critical out-of-bounds write vulnerability in the Internet Key Exchange daemon (iked) process used to establish VPN tunnels in Fireware OS, which powers Firebox firewall appliances. Exploitation of this vulnerability allows a remote, unauthenticated threat actor to execute arbitrary code. WatchGuard has confirmed in-the-wild exploitation in their advisory.

Critical React2Shell RCE Hits React and Next.js (CVE-2025-55182 / CVE-2025-66478)

React2Shell is a severe remote, unauthenticated RCE vulnerability recently uncovered in React Server Components (RSC) and the Next.js App Router. Tracked as CVE-2025-55182, with CVE-2025-66478 later merged as a duplicate, it allows attackers to execute arbitrary code on servers by exploiting insecure Flight protocol deserialization (CWE-502), earning the flaw a maximum CVSS score of 10.0.

Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

CVE-2025-20393 is a CVSS 10.0 Remote Code Execution (RCE) flaw in Cisco Secure Email Gateways currently being actively exploited by China-nexus groups. A recent advisory from Cisco Talos details how an actor dubbed “UAT-9686” is leveraging this vulnerability to target Cisco Secure Email Gateways (ESA) and Secure Email and Web Managers (SMA). The attack allows threat actors to execute arbitrary commands with root privileges and deploy persistence mechanisms.

CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

On December 17, 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The campaign is exploiting an unpatched zero-day vulnerability, which only affects deployments with the Spam Quarantine feature enabled. It allows threat actors to execute arbitrary commands with root privileges on affected devices. This feature is not enabled by default.

Bug bounties and broken CVEs with Bryan Brake

Join us for this week's Defender Fridays as we explore bug bounty programs, vulnerability management, and the complexities of the CVE system with Bryan Brake, a veteran security professional with twenty years of experience across endpoint security, consulting, and product security. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.