
Navigating the Growing Challenge of CVEs in Cybersecurity #shorts

Assets and known CVEs increase annually, complicating the work of security teams. Accumulating old CVEs and overwhelming data from vulnerability scans make compliance difficult. Security teams produce detailed reports for IT teams to address. While regular OS updates can fix many CVEs, delays create backlogs. Improved reporting in the Linux kernel enhances visibility but adds to the number of CVEs, highlighting the need to manage data effectively to tackle vulnerabilities.

OWASP CI/CD Part 6: Insufficient Credential Hygiene

This post, part six of our OWASP CI/CD Top 10 series, looks at some of the common risks associated with Insufficient Credential Hygiene. By better understanding the flaws that affect credential hygiene, we can better understand how even the most sophisticated pipelines were compromised.

OWASP CI/CD Part 5 - Insufficient PBAC

One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.

Community Vigilance, Enterprise Response: Addressing CVE-2024-21626 in Rancher

In backend engineering, many days follow a familiar rhythm: coffee, code reviews, maybe deploying a new feature. But occasionally, the routine is interrupted by a message that signals a different kind of challenge, like a Slack notification from the security team: “Hey, we’ve identified a potential issue. Need to sync up.” This post details one such instance—our journey addressing CVE-2024-21626, a privilege escalation vulnerability reported in Rancher.

AI threat hype: why chasing ghosts leaves real vulnerabilities exposed

With AI at the center of media and industry focus, cybersecurity teams are increasingly putting pressure on themselves to prepare for AI-fueled cyber attacks. According to Ivanti’s 2025 State of Cybersecurity research, half of IT security professionals ranked “yet unknown weaknesses” as a high or critical threat – the same as or higher than compromised credentials, supply chain risks, DDoS attacks and other real-world threats.

OWASP CI/CD Part 4: Poisoned Pipeline Execution (PPE)

Modern development teams often rely on Continuous Integration (CI) pipelines to automate testing, building, and deployment of their code. These pipelines are typically defined through configuration files stored within the source code repository. Developers, DevOps engineers, or other contributors with the appropriate permissions frequently need to edit these files to adjust workflows, add new checks, or support evolving project requirements.

Fix What Matters: SUSE Application Collection Adds Real Context to CVEs With OpenVEX

If you’re working with containers, SBOMs or any kind of vulnerability scan, you know the drill. Every scan lights up like a Christmas tree: critical, high, medium and low vulnerabilities, and it feels like the list will never end. The goal is always zero CVEs. While that sounds great, it’s not realistic: they arrive at such a high pace, and some are genuinely hard to resolve. Teams end up spending time chasing vulnerabilities that don’t matter.

Protecting Against SAP NetWeaver Vulnerability (CVE-2025-31324) with HAProxy

A critical vulnerability in SAP NetWeaver (CVE-2025-31324) is currently being exploited in the wild. Disclosed on April 24, 2025, this vulnerability has the highest possible CVSS score of 10.0, indicating severe risk. The vulnerability affects SAP NetWeaver Application Server Java's Visual Composer Framework (version 7.50), allowing unauthenticated attackers to upload arbitrary files to NetWeaver servers. This can lead to remote code execution and complete system compromise.

What is Amazon Inspector? Monitoring and Alerting with Amazon Inspector

Amazon Inspector is an automated security assessment service that scans AWS workloads for vulnerabilities, misconfigurations, unintended network exposure and compliance risks, helping organizations enhance cloud security, detect threats, and meet regulatory requirements (such as ISO/IEC 27001, HIPAA, NIS 2 and SOC 2 Type 2) in real time. Amazon Inspector discovers and scans Amazon EC2 instances, container images in Amazon ECR (Elastic Container Registry), and Lambda functions.

Robocalls Aren't Going Away - But the FCC Is Taking Aim at a Big Vulnerability

If you've ever received a call that looked like it was from your bank or, worse, a family member, but turned out to be a scam, you're not alone. These spoofed calls continue to be a huge headache, not just for everyday people but for businesses, phone carriers, and regulators too. The good news? The FCC is stepping up again. Last week, the Federal Communications Commission released a new Notice of Proposed Rulemaking (NPRM) to close a serious gap in our defense against robocalls: non-IP networks.