Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Deepfake Candidates Are Getting Hired - Here's How

Dec 9, 2025 By Cloudflare In Cloudflare
Hiring in 2025: Is the person you hired even real? Deepfakes resumes. Outsourced interviews. Candidates landing jobs they never intended to do. We've moved from KYC to KYE, and organizations haven't caught up yet. In the latest episode of The Connectivity Cloud Podcast, we explore how attackers are weaponizing the job market with Vladimir Krupnov and Blake Darché. For anyone in hiring, HR tech, or security leadership, this is a must-listen.
View Video

How Salt Security & AWS Simplify API Security

Dec 9, 2025 By Salt Security In Salt Security
See your Blind Spots in Minutes, not Months: How Salt Security & AWS Simplify API Security AI agents and cloud-native architectures have unleashed a wave of APIs and with them, new attack surfaces. Most security teams are struggling to keep up, especially in dynamic AWS environments where shadow and zombie APIs can easily go undetected. This Salt Security and AWS webinar explores a better approach to API discovery and security in AWS without the burden of in-line traffic collection or sensor deployments.
View Video
armo

The 3 Biggest Cloud Workload Threats (and Why Teams Miss Them)

Dec 8, 2025 By Ben Hirschberg In ARMO
In this article, we’ll break down the three most prevalent runtime threat vectors behind most modern cloud breaches – and why traditional cloud security tools fail to detect them. Let’s get one thing clear: the cloud itself hasn’t become more dangerous – but cloud-native architectures fundamentally changed the threat landscape. In the datacenter era, most threats targeted hosts, networks, and endpoints.
Read Post
Azure Tenant Hardening Basics: Identity, Conditional Access, and "Default Safe" Settings

Azure Tenant Hardening Basics: Identity, Conditional Access, and "Default Safe" Settings

Dec 8, 2025 By SecuritySenses In SecuritySenses
When you spin up a new Azure tenant, it's easy to assume that Microsoft has locked the doors and barred the windows for you. The interface is sleek, the services are powerful, and the infrastructure is world-class. But here is the uncomfortable truth: while the cloud infrastructure is secure, your specific configuration of it likely isn't. A default Azure Active Directory (now Microsoft Entra ID) environment is designed for usability and adoption, not maximum security. It prioritizes getting your team connected over keeping bad actors out.
Read Post

Delivering Intelligent IT Foundations for Safe AI Usage

Dec 5, 2025 By JumpCloud In JumpCloud
JumpCloud CTO Greg Keller explains why traditional, fragmented IT tools create a critical Zero Trust gap for AI agents, bots, and non-human identities (NHIs). The biggest inhibitor to innovation isn't restrictive policy—it's the internal lack of a unified identity foundation. Learn how to address "identity sprawl" and transform IT operations to deliver auditable trust, extend Zero Trust enforcement to machine-to-machine interactions, and build the Intelligent IT foundations required for safe, accelerated AI adoption.
View Video

Episode 3 - Network Visibility in the Cloud: Why Network Traffic Analysis Remains Critical

Dec 4, 2025 By Corelight In Corelight
Richard Bejtlich discusses cloud security from a network-centric perspective with Corelight's cloud security researcher, David Burkett. They explore why monitoring network traffic remains essential in cloud environments, despite the presence of native security features offered by cloud providers. David highlights common threats such as container compromises, coin miners, and supply chain attacks, emphasizing the value of traffic visibility for detecting unusual behaviors and breaches.
View Video
securonix

Built for AWS. Built for How Security Teams Really Work.

Dec 3, 2025 By Jeff Fink, Director, Cloud Alliances In Securonix
Every security team I meet is dealing with the same pressure: more cloud, more AI, more data, more noise, and less time. The cloud promised speed and flexibility, and it delivered. However, customers are asking for an easier path to understanding what’s actually happening across that environment. That gap, between what teams can see and what they need to see, is where threats hide.
Read Post
salt security

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Dec 3, 2025 By Eric Schwake In Salt Security
The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.
Read Post
cloudflare

Cloudflare WAF proactively protects against React vulnerability

Dec 3, 2025 By Daniele Molteni In Cloudflare
Cloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF). Cloudflare Workers are inherently immune to this exploit. React-based applications and frameworks deployed on Workers are not affected by this vulnerability.
Read Post
cloudflare

Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

Dec 3, 2025 By Omer Yoachimik In Cloudflare
Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.