Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Elevating and Evolving the Role of the Channel

Nov 20, 2025 By Nucleus Security In Nucleus
Nucleus Manager of Channel Enablement and Training, Tony Ramirez, talks about his recent recognition in CRN's 100 people to know for the channel. During this conversation, he also discusses the evolving role of channel leaders in cybersecurity, the importance of continuous threat exposure management (CTEM) as a process rather than a tool, and the need for contextual understanding in vulnerability management. Tony emphasizes the significance of engaging non-security stakeholders and the opportunities for the channel to educate clients on security posture and vulnerability management.
View Video
foresiet

FortiWeb CVE-2025-58034: Exploited Zero-Day Command Injection in WAF

Nov 20, 2025 By Foresiet In Foresiet
Dissecting the active-in-the-wild OS command injection vulnerability and its implications for enterprise threat monitoring In November 2025, threat intelligence teams began warning of a newly discovered zero-day vulnerability in a widely-deployed web application firewall appliance. The vulnerability — CVE-2025-58034 — allows authenticated attackers to execute arbitrary OS commands via crafted HTTP requests or CLI commands.
Read Post
squarex

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Nov 19, 2025 By SquareX
SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API.
Read Post
seal security

OWASP Named Software Supply Chain Failures. Now It's Time to Fix Them.

Nov 19, 2025 By Bruce Gibson In Seal Security
Since OWASP unveiled its 2025 Top 10, one of the most-discussed items has been A03: Software Supply Chain Failures. For many in AppSec, this came as no surprise; enterprise software’s reliance on open source has become one of its greatest strengths and arguably its biggest liability.
Read Post
outpost 24

UK Cyber Security and Resilience Bill: What you need to know

Nov 19, 2025 By Marcus White In Outpost 24
The UK government introduced the Cyber Security and Resilience Bill to Parliament on November 12th, 2025. Science, Innovation and Technology Secretary Liz Kendall stated: “Cybersecurity is national security. This legislation will enable us to confront those who would disrupt our way of life.” If you work in healthcare, energy, water, transport, or supply IT services to these sectors, this legislation will directly affect how you manage cybersecurity.
Read Post
How Managed Cybersecurity Services Reduce Risk and Enable Business Growth

How Managed Cybersecurity Services Reduce Risk and Enable Business Growth

Nov 19, 2025 By SecuritySenses In SecuritySenses
Today's organizations of all sizes face increasing pressure to protect sensitive data, maintain compliance, and defend against sophisticated cyberattacks. At the same time, they must continue innovating, scaling, and delivering exceptional customer experiences. This dual mandate-security and growth-can feel at odds for many companies.
Read Post
bitsight

CVSS Is a Little Bit of Risk: Rethinking CVSS in Vulnerability Prioritization

Nov 18, 2025 By Ben Edwards In BitSight
The best part about my job is that I sometimes get to make some controversial statements. Well, as controversial as things can be in a niche area of cybersecurity like “what is a reasonable measure of vulnerability risk?” Along with my colleague Sander Vinberg we got to explore this question earlier this year at the second Annual VulnCon conference in Raleigh. Even though it’s only been held twice, it is quickly becoming one of my favorite conferences.
Read Post

Django Vulnerabilities Expose Apps to SQL Injection & DoS Attacks

Nov 18, 2025 By Indusface In Indusface
The Django Software Foundation has released critical security fixes for CVE-2025-64459 (SQL Injection) and CVE-2025-64458 (Denial of Service) vulnerabilities. These vulnerabilities affect query construction and redirect handling in Django, putting applications and data at risk. See how AI-powered AppTrana stops these attacks from Day 0.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.