%term

CVE202554236: Critical Adobe Commerce and Magento Open Source Flaw Allows Customer Account Takeover and RCE

Sep 10, 2025 By Andres Ramos In Arctic Wolf

On September 9, 2025, Adobe released an out-of-band security update to address a critical vulnerability in Adobe Commerce and Magento Open Source. The vulnerability, tracked as CVE-2025-54236 and referred to in open-source reporting as “SessionReaper,” allows a remote unauthenticated threat actor to take over customer accounts through the Commerce REST API.

Read Post

Arctic Wolf

Read more about CVE202554236: Critical Adobe Commerce and Magento Open Source Flaw Allows Customer Account Takeover and RCE

Product comparison: Detectify vs. Intruder

Sep 10, 2025 By Detectify In Detectify

Intruder is a cloud-based vulnerability scanner that provides an automated overview of an organization’s attack surface. Its primary function is to proactively identify weaknesses across internet-facing infrastructure and applications before they are exploited. The platform’s scanning engine runs a set of checks for both infrastructure-level misconfigurations and application-layer vulnerabilities, like those in the OWASP Top 10. It leverages open-source engines like ZAP to execute its checks.

Read Post

Detectify

Read more about Product comparison: Detectify vs. Intruder

CVE-2025-42944 - Insecure Deserialization in SAP NetWeaver

Sep 10, 2025 By Tal Zamir In IONIX

The IONIX research team is tracking CVE-2025-42944, an insecure deserialization vulnerability affecting SAP NetWeaver AS Java’s RMI-P4 module—a critical issue warranting immediate attention.

Read Post

IONIX

Read more about CVE-2025-42944 - Insecure Deserialization in SAP NetWeaver

When Secure Isn't Safe Uncovering OWASP Top 10 Business Logic Abuse

Sep 10, 2025 By Wallarm In Wallarm

The OWASP Top 10 for Business Logic Abuse reveals the most critical ways attackers exploit the design of your applications, not just their code. Business logic abuse isn’t about SQL injection or XSS, it's about bypassing the rules, manipulating workflows, and triggering unintended behaviors in ways your functional tests never anticipated. Why this Matters? Attackers are shifting from exploiting code flaws to abusing the intended functionality of your applications.These logic-level threats are particularly dangerous because they.

View Video

Wallarm

Read more about When Secure Isn't Safe Uncovering OWASP Top 10 Business Logic Abuse

Machines, the Silent Threat Lurking Inside the Enterprise

Sep 9, 2025 By Brian Ramsey, VP Americas - Sales In Xalient

The digital enterprise is no longer primarily made up of individuals' identities. According to Gartner, over 60% of all identities in a typical organization are non-human. These Non-Human Identities (NHIs) are digital identities assigned to software, services, applications, containers, or devices that require access to systems and data. Unlike human identities, NHIs operate autonomously, at scale, and often with high privilege. This makes them essential for modern automation and uniquely vulnerable to misuse.

Read Post

Xalient

Read more about Machines, the Silent Threat Lurking Inside the Enterprise

Snyk Named a Leader in the 2025 Forrester SAST Wave: SAST Solutions, Q3 2025

Sep 9, 2025 By Ben Desjardins In Snyk

We’re excited to announce that Snyk has been recognized as a Leader in the Forrester Wave: Static Application Security Testing (SAST) Solutions, Q3 2025. This recognition affirms our place at the forefront of developer-first security — and highlights the innovation, customer impact, and platform breadth that continue to set us apart.

Read Post

Snyk

Read more about Snyk Named a Leader in the 2025 Forrester SAST Wave: SAST Solutions, Q3 2025

Introducing UpGuard's Unified CRPM Platform

Sep 9, 2025 By Revashni Moodley In UpGuard

Cybersecurity isn’t a one-off battle. It’s a daily war fought on multiple fronts. Despite this, many security teams have been defending their organizations without cohesive visibility. Isolated security tools present a disjointed defense, one that is still fighting yesterday’s battles, but not today’s cyber threats.

Read Post

UpGuard

Read more about Introducing UpGuard's Unified CRPM Platform

5 Steps to Operationalize Threat Exposure Management

Sep 9, 2025 By Jessica Amado In Seemplicity

Security teams are drowning in findings, but only a fraction of exposures actually put the business at risk. Treating every issue as equal spreads resources thin, slows down remediation, and leaves critical systems exposed. Threat Exposure Management (TEM) changes the equation by forcing teams to focus on the exposures most likely to cause real damage – and to build the operating model that ensures they get fixed.

Read Post

Seemplicity

Read more about 5 Steps to Operationalize Threat Exposure Management

Patch vs. Workaround: How CVEs Actually Get Fixed

Sep 9, 2025 By Diogo Ferreira In BitSight

In order to collect various security-related metrics, Bitsight scans the entire internet, collecting a unique set of data that enables us to carry out a variety of studies that would be extremely difficult for any other company to conduct. One of the metrics that we collect is related to the presence of certain vulnerabilities. For this, we need to take into consideration all possible mitigation strategies that are available and that allow us to reduce the risk.

Read Post

BitSight

Read more about Patch vs. Workaround: How CVEs Actually Get Fixed

Guide to the OWASP Top 10 for LLMs: Vulnerability mitigation with Elastic

Sep 9, 2025 By Rich Cabrera In Elastic

Industries, governments, and enterprises of all kinds have adopted large language models (LLMs) and generative AI (GenAI) into their operations and workflows, unlocking new possibilities for everything from customer interaction to complex data analysis. But with this innovation comes new challenges for security, observability, and data science teams.

Read Post