Chrysalis Backdoor: What You Need to Know - and How Progress Flowmon Threat Briefing Helps You Stay Ahead

A newly analyzed threat, Chrysalis, is a sophisticated backdoor attributed to the Chinese APT group Lotus Blossom. The malware employs advanced evasion techniques including heavy obfuscation, API hashing, dynamic DNS resolution, custom encryption and stealthy C2 communication disguised as legitimate traffic.

Exposure Management vs. Vulnerability Management: Which Delivers Real Risk Reduction?

Vulnerability management has served organizations and the cybersecurity industry for years. It is a capable practice that has helped companies defend their attack surface and prevent threat actors from exploiting vulnerabilities. But technology and IT infrastructure have evolved. Vulnerability management can no longer meet the challenges that come with this evolution.

Addressing Critical Linux CVEs and React Vulnerabilities #patch

Key Takeaways: The December Patch Tuesday lineup includes one known exploit in the Windows OS that warrants attention. Third-party Patch Tuesday updates include Mozilla and Adobe. Google Chrome released iOS updates so far, but a Chrome Desktop release is expected this week.

Here we are at the final Patch Tuesday for 2025. Microsoft has resolved 56 CVEs (two Critical and 54 Important). Included in this release are one known exploited CVE (CVE-2025-62221) and two publicly disclosed CVEs (CVE-2025-54100 and CVE-2025-64671).

Understanding Today's Biggest Cyber Threats and How Professionals Can Prepare

Cyber threats are growing faster than many organizations can keep up with. As technology becomes more connected and embedded in daily life, the risks around digital systems rise just as quickly. Businesses, individuals, and governments depend on networks, cloud services, and remote tools, and each layer introduces new vulnerabilities. Attackers continually refine their methods, making the threat landscape constantly shift.

Latest Software Updates: Adobe, Microsoft, and Mozilla #shorts #patch

Adobe has released five updates, featuring a major ColdFusion update addressing over 140 CVEs. Microsoft has issued six updates, with no critical CVEs in its OS update. Mozilla has rolled out three critical updates for Firefox. Effective management of CVEs relies on risk-based prioritization, as individual ratings may not accurately represent real-world risks.

HAProxy Enterprise WAF Protects Against React2Shell (CVE-2025-55182)

On December 3, 2025, the React team announced a critical security vulnerability in React Server Components (RSC). Identified as CVE-2025-55182 (and covering the now-duplicate CVE-2025-66478), this flaw allows unauthenticated attackers to execute arbitrary JavaScript code on backend servers.

Protect Against Critical Unauthenticated RCE in React & Next.js (CVE-2025-55182) with Traceable WAF

A critical, unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-55182, has been discovered in React Server Components and Next.js with the maximum severity rating of 10.0. The article highlights that Traceable by Harness WAF provided immediate, proactive protection against this vulnerability class through multi-layered defenses like Server Side Template Injection (SSTI) and Node.js Injection attack rules, even before the CVE was officially disclosed.

Beyond the Budget Cut: Strategically Investing in Business Continuity

When budgets tighten, it's easy to cut expenses across the board, but doing so can overlook the essential need for business continuity. Strategic investment in continuity isn't about spending more - it's about spending wisely to protect core operations and stay resilient against disruptions.

Why do companies buy Exposure Management Platforms?

For the better part of two decades, the cybersecurity industry has been running on a treadmill. We call it "Vulnerability Management," but in practice, it's often little more than a never-ending game of "Whac-A-Mole." Security teams run a scan, generate a 500-page PDF of Critical vulnerabilities, hand it to IT, and pray that patching happens before an exploit does. Then, they repeat the cycle next week.

Critical Vulnerabilities in Linux and VMware Tools: What You Need to Know #patch

CVE-2025-11561 affects Red Hat Linux and other distributions, requiring configuration of the Kross local authentication plugin for mitigation. Linux updates differ by vendor, with some delays in addressing vulnerabilities. A VMware Tools vulnerability is actively exploited, prompting a recommendation to upgrade to a supported Linux version. Additionally, CVE-2025-58438 presents a traversal vulnerability in Python libraries on both Windows and Linux, resolved by upgrading to version 5.5.0.1.