Fix What Matters: SUSE Application Collection Adds Real Context to CVEs With OpenVEX

If you’re working with containers, SBOMs or any kind of vulnerability scan, you know the drill. Every scan lights up like a Christmas tree: critical, high, medium and low vulnerabilities. It feels like the list will always go on. The goal is always zero CVEs. And while that sounds great, it’s not realistic. They come at such a high pace, and sometimes they are really hard to resolve. Teams are spending time chasing vulnerabilities that don’t matter.

Protecting Against SAP NetWeaver Vulnerability (CVE-2025-31324) with HAProxy

A critical vulnerability in SAP NetWeaver (CVE-2025-31324) is currently being exploited in the wild. Disclosed on April 24, 2025, this vulnerability has the highest possible CVSS score of 10.0, indicating severe risk. The vulnerability affects SAP NetWeaver Application Server Java's Visual Composer Framework (version 7.50), allowing unauthenticated attackers to upload arbitrary files to NetWeaver servers. This can lead to remote code execution and complete system compromise.

What is Amazon Inspector? Monitoring and Alerting with Amazon Inspector

Amazon Inspector is an automated security assessment service that scans AWS workloads for vulnerabilities, misconfigurations, unintended network exposure and compliance risks, helping organizations enhance cloud security, detect threats, and meet regulatory requirements (such as ISO/IEC 27001, HIPAA, NIS 2 and SOC 2 Type 2) in real time. Amazon Inspector discovers and scans Amazon EC2 instances, container images in Amazon ECR (Elastic Container Registry), and Lambda functions.

Robocalls Aren't Going Away - But the FCC Is Taking Aim at a Big Vulnerability

If you've ever received a call that looked like it was from your bank or, worse, a family member, but turned out to be a scam, you're not alone. These spoofed calls continue to be a huge headache, not just for everyday people but for businesses, phone carriers, and regulators too. The good news? The FCC is stepping up again. Last week, the Federal Communications Commission released a new Notice of Proposed Rulemaking (NPRM) to close a serious gap in our defense against robocalls: non-IP networks.

How to Monitor PowerShell Activity and Detect PowerShell Exploitation Vulnerabilities

Why should you monitor PowerShell? … PowerShell is a powerful automation tool; however, its capabilities also make it a prime target for exploitation by cyber attackers. Implementing a robust, automated PowerShell monitoring solution is now essential to detect and prevent exploitation attacks before they compromise your systems. PowerShell is a powerful scripting tool that can automate tasks and manage systems, but its flexibility also makes it a target for abuse.

OWASP CI/CD Part 3: Dependency Chain Abuse

As more teams rely on public repositories in their software supply chain, the dependency chain has become both a critical foundation and a potential blind spot. Dependency chain abuse is not new, but a growing list of attack vectors - like typosquatting, dependency confusion, and now slopsquatting - means security leaders need to respond quickly as attackers adopt new techniques.

Part 2: Solving the Top 10 Problems with Vulnerability Management

Once again, we're back with all the answers. Traditional vulnerability management comes with many pitfalls, and we're counting down the solutions to all the problems you might be running into. Ivanti's Chris Goettl and Robert Waters break down the back five on our list: a periodic approach to remediation, poor prioritization, lack of business context, overreliance on patch management, and poor metrics and reporting.

Is Your Attack Surface Growing Faster Than Your Security?

In today's digital-first business environment, the race to adopt new technologies often outpaces the strategies to secure them. From cloud services to remote work tools, organizations are rapidly expanding their digital presence. However, with every new tool, platform, or endpoint comes a new potential vulnerability. This expanding "attack surface" can leave businesses exposed, especially if they don't actively monitor and manage it.

OWASP CI/CD Top 10: Inadequate IAM

In the race to ship software faster, many teams have turned to automation, decentralised tools, and powerful pipelines. But lurking under the surface of these streamlined processes is a growing and often invisible Identity and Access Management (IAM) threat vector, a core vulnerability in modern CI/CD security.