
Inside Vulnerability Management: Live Demo & Roadmap

Explore what’s new — and what’s coming next — in Vulnerability Management for N-central and N-sight. Hosted by Product Manager Geoff Green, this session covers current capabilities, recent enhancements, and a look at the roadmap. Watch the live demo, hear how your feedback is shaping development, and get answers to top questions in the live Q&A. Now included in both N-central and N-sight RMM platforms.

OWASP CI/CD Part 8: Ungoverned Usage of 3rd Party Services

The boundaries of what organizations build internally and what they adopt externally have blurred. Developers routinely integrate third-party services into critical CI/CD pipelines, often with minimal friction and limited oversight. This rapid plug-and-play convenience, while key to modern engineering velocity, is also quietly expanding the attack surface in ways many teams struggle to track - let alone govern.

Understanding Vulnerability and Patch Management Challenges #shorts

Vulnerability and patch management often face challenges due to persistent false findings. OS updates can create missed maintenance windows, leaving systems exposed. Applying cumulative updates correctly can help resolve these issues. However, systems may still show as up to date while harboring vulnerabilities due to misidentified software. A notable example is a Java vulnerability that continues to exist despite updates, as it is part of a custom solution.

OWASP CI/CD Part 7: Insecure System Configuration

Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.

Navigating the Growing Challenge of CVEs in Cybersecurity #shorts

Assets and known CVEs increase annually, complicating the work of security teams. Accumulating old CVEs and overwhelming data from vulnerability scans make compliance difficult. Security teams produce detailed reports for IT teams to address. While regular OS updates can fix many CVEs, delays create backlogs. Improved reporting in the Linux kernel enhances visibility but adds to the number of CVEs, highlighting the need to manage data effectively to tackle vulnerabilities.

OWASP CI/CD Part 6: Insufficient Credential Hygiene

This post, part six of our OWASP CI/CD Top 10 series, looks at some of the common risks associated with Insufficient Credential Hygiene. By better understanding the flaws that affect credential hygiene, we can better understand how even the most sophisticated pipelines were compromised.

OWASP CI/CD Part 5 - Insufficient PBAC

One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.

Community Vigilance, Enterprise Response: Addressing CVE-2024-21626 in Rancher

In backend engineering, many days follow a familiar rhythm: coffee, code reviews, maybe deploying a new feature. But occasionally, the routine is interrupted by a message that signals a different kind of challenge, like a Slack notification from the security team: “Hey, we’ve identified a potential issue. Need to sync up.” This post details one such instance—our journey addressing CVE-2024-21626, a privilege escalation vulnerability reported in Rancher.

AI threat hype: why chasing ghosts leaves real vulnerabilities exposed

With AI at the center of media and industry focus, cybersecurity teams are increasingly putting pressure on themselves to prepare for AI-fueled cyber attacks. According to Ivanti’s 2025 State of Cybersecurity research, half of IT security professionals ranked “yet unknown weaknesses” as a high or critical threat – the same as or higher than compromised credentials, supply chain risks, DDoS attacks and other real-world threats.

OWASP CI/CD Part 4: Poisoned Pipeline Execution (PPE)

Modern development teams often rely on Continuous Integration (CI) pipelines to automate testing, building, and deployment of their code. These pipelines are typically defined through configuration files stored within the source code repository. Developers, DevOps engineers, or other contributors with the appropriate permissions frequently need to edit these files to adjust workflows, add new checks, or support evolving project requirements.