Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

China-linked group targets cloud, Russian cyber espionage, agentic AI systems flaw & Nginx [313]

Apr 20, 2026 By LimaCharlie In LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
View Video
wallarm

Attacking the MCP Trust Boundary

Apr 20, 2026 By Wallarm In Wallarm
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of.
Read Post
Penetration Testing as a Tool That Reveals the Real State of Cybersecurity

Penetration Testing as a Tool That Reveals the Real State of Cybersecurity

Apr 20, 2026 By SecuritySenses In SecuritySenses
Most security measures are built on the assumption that if something is configured correctly, it is secure. But there is a big difference between "configured" and "able to withstand an attack" - a gap that cannot be seen without practical testing. Penetration testing is not just another item on a compliance checklist; it is a way to get an honest and realistic answer to the question that truly matters to a business: can an attacker reach what is most important to us?
Read Post
memcyco

How to Detect Man-in-the-Middle Attacks: Indicators, Methods, and Detection Gaps

Apr 17, 2026 By Ezra M. In Memcyco
Most MITM attacks don’t announce themselves. No alerts fire, no certificates visibly break, and no users report anything unusual. By the time the interception is discovered, credentials or session tokens are already in attacker hands. Knowing how to detect man-in-the-middle attacks requires looking across multiple layers: network traffic, DNS resolution, TLS certificate integrity, and session behavior.
Read Post
sophos

QEMU abused to evade detection and enable ransomware delivery

Apr 16, 2026 By Morgan Demboski In Sophos
Sophos analysts are investigating the active abuse of QEMU, an “open-source machine emulator and virtualizer,” by threat actors seeking to hide malicious activity within virtualized environments. Attackers are drawn to QEMU and more common hypervisor-based virtualization tools like Hyper-V, VirtualBox, and VMware because malicious activity within a virtual machine (VM) is essentially invisible to endpoint security controls and leaves little forensic evidence on the host itself.
Read Post
bitsight

Analyzing the RondoDox Botnet: A DDoS and Mining Threat

Apr 16, 2026 By João Godinho In BitSight
A few weeks ago we published the first part of this series where we described the infrastructure used by the RondoDox threat actors to scan and exploit vulnerable systems. In this second post we’ll take a deep dive into the malware that is deployed into vulnerable systems. Specifically, we’ll look at the initial implant used to fetch the RondoDox binary and the binary itself, detailing its behaviour, how it communicates with the Command and Control (C2), and its malicious capabilities.
Read Post
graylog

How Lean Security Teams Stay Ahead of AI-Powered Attacks

Apr 16, 2026 By Jeff Darrington In Graylog
In “Terminator 2“, the T-800 does not win because humans worked harder. It wins because the same machine capability that made it dangerous was reprogrammed to fight for the defenders. Project Glasswing is exactly that. Claude Mythos Preview is Anthropic’s most powerful AI model and the one they refused to release publicly because it autonomously found thousands of zero-day vulnerabilities across every major operating system and browser. Flaws that decades of expert review never caught.
Read Post

Understanding how attackers think & how you avoid threats with Terry Bradley, Mile High Cyber [311]

Apr 15, 2026 By LimaCharlie In LimaCharlie
Terry Bradley, Founder and President of Mile High Cyber, shares how you can uncover vulnerabilities and strengthen your organization's defenses with expert penetration testing and security assessments.
View Video

82% of Attacks Skip Malware Entirely

Apr 15, 2026 By CrowdStrike In CrowdStrike
27 seconds. That’s how fast an adversary can move to your critical systems. In this clip, you’ll learn: How adversaries blend in using everyday admin tools Why traditional, reactive security models fall behind What makes modern intrusions so hard to detect Watch the full video to see how teams are shifting to proactive hunting.
View Video
Featured Post
Iranian Cyber Threats, Geopolitics and the New Cyber Reality

Iranian Cyber Threats, Geopolitics and the New Cyber Reality

Apr 13, 2026 By Robert Hannigan, Chairman of International Business In BlueVoyant
In recent weeks, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the National Cyber Security Centre (NCSC) have all issued warnings about the growing risk of cyber activity attributed to Iranian-aligned actors. Their message is clear: the geopolitical situation is volatile, and organisations should assume they may be in scope for retaliation. The agencies all highlight similar weaknesses being repeatedly exploited: unpatched vulnerabilities, weak identity controls, and exposed remoteaccess services.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.