Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

foresiet

Lazarus Group (APT38 / APT-C-26) Exploits WinRAR Vulnerability CVE-2025-8088 for Archive Poisoning Attacks

Dec 18, 2025 By Foresiet In Foresiet
During routine threat research and monitoring of Chinese-language underground distribution channels, our team identified a malicious RAR archive. Specifically, this archive abuses a critical WinRAR directory traversal vulnerability to achieve arbitrary file write and persistence on Windows systems. To accomplish this, the archive leverages a combination of NTFS Alternate Data Streams (ADS) and directory traversal logic.
Read Post
nucleus

Looking Ahead to 2026: Why Cyber Economics Will Redefine the CISO's Mandate

Dec 18, 2025 By Jeff Gouge In Nucleus
Cybersecurity in 2026 will be driven by economics. Not hype. Not novelty. Economics. Attackers follow financial incentives and scale their operations faster than most enterprises can defend. CISOs must shift from reporting technical metrics to explaining business impact, guide safe AI adoption as Shadow AI grows, and design programs that emphasize resilience over perfection.
Read Post
bitsight

CVE-2025-55182: First Days of React2Shell Exploitations

Dec 18, 2025 By João Godinho In BitSight
On December 3rd Lachlan Davidson disclosed an unauthenticated remote code execution vulnerability in React Server Components (RSC) that exploits how React.js (and Next.js) decodes payloads sent to React Server Function endpoints. On December 4th we started observing fingerprinting attempts for these vulnerabilities and on December 5th we started observing exploitation attempts. React.js is used by 66% of the global digital supply, in the top 0.06% of all technologies.
Read Post
How PPC Campaign Vulnerabilities Can Lead to Ransomware Attacks

How PPC Campaign Vulnerabilities Can Lead to Ransomware Attacks

Dec 18, 2025 By SecuritySenses In SecuritySenses
In the US, search ad spend was expected to reach $124.59 billion in 2024. Those big pay-per-click (PPC) advertising budgets are attracting the attention of cybercriminals. Click fraud is a well-known hazard in marketing circles. However, a more insidious threat lurks in the background.
Read Post
Digital Signage Security: The IoT Vulnerability Hiding in Plain Sight

Digital Signage Security: The IoT Vulnerability Hiding in Plain Sight

Dec 18, 2025 By SecuritySenses In SecuritySenses
Walk through any airport terminal, hospital corridor, or corporate lobby, and you will encounter digital signage displays. They announce flight departures, guide patients to their appointments, and broadcast company news to employees. These screens have become so common that we barely notice them anymore. And that invisibility is precisely the problem. While cybersecurity teams focus their attention on firewalls, endpoint protection, and cloud security, digital signage systems often slip under the radar as low-priority assets. Hackers, however, have taken notice.
Read Post
seemplicity

Modern Exposure Management Is About Outcomes, Not Alerts

Dec 17, 2025 By Megan Horner In Seemplicity
Modern exposure management has evolved beyond vulnerability scanning and alert volume into a discipline focused on measurable risk reduction. As the exposure management market matures, security leaders are adopting cyber exposure management platforms that unify signals across vulnerability, cloud, application, and attack surface tools to prioritize what truly matters.
Read Post
Arctic Wolf

CVE-2025-40602: SonicWall Releases Fix for SMA1000 Privilege Escalation Zero-Day Under Active Attack

Dec 17, 2025 By Andres Ramos In Arctic Wolf
On December 17, 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602. The vulnerability allows local threat actors to escalate privileges due to insufficient authorization in the SMA1000 AMC and does not affect SSL VPN functionality on SonicWall firewalls.
Read Post

CVE-2025-10573: Stored XSS in Ivanti EPM

Dec 17, 2025 By Indusface In Indusface
A critical stored XSS vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager lets attackers poison the admin dashboard with malicious scripts, leading to session hijacking and device compromise. AppTrana blocks these malicious scan submissions at the edge, preventing stored XSS payloads from ever reaching the EPM dashboard, even before patching.
View Video
indusface

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

Dec 17, 2025 By Bhargavi Pallati In Indusface
The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.
Read Post

How to mitigate CVE-2025-32433

Dec 17, 2025 By Fidelis Security In Fidelis Security
A critical Erlang SSH vulnerability (CVE-2025-32433), also known as Chainbreaker, allows attackers to exploit pre-auth SSH behavior for remote code execution. In this video, we break down exactly what security teams need to do — from immediate mitigation to long-term prevention. What you’ll learn in this video: How to mitigate CVE-2025-32433 by upgrading Erlang OTP (27.3.3 / 26.2.5.11 / 25.3.2.20)
View Video

Copyright © 2026 OpsMatters™. All rights reserved.