Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Contain the SSO blast radius: Identity security beyond MFA

Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering (vishing) targeting identity providers and federated access. The entry point is not through malware or a zero-day exploit. The goal is simple. Persuade a user to help complete authentication in real time, then use that trusted session to move through SaaS applications and exfiltrate data. Security leaders already know the fundamentals. Multi-factor authentication (MFA) can be socially engineered.

User Provisioning and Data Synchronization - User Synchronization for WordPress

With the growth of any business or organization, the importance of data accuracy, consistency, and privacy is rising. Things that may seem like a minor data error or glitch can have a major negative impact on sales, decision-making, and customer retention.

Passing SOC 2 Without the Overhead: How Zero Standing Privileges Simplifies Compliance

Getting ready for a SOC 2 audit can feel like an endless checklist. You already have tools collecting logs, provisioning users, and pulling reports from your systems, yet proving compliance still feels harder than it should be. The biggest pain in SOC 2 is not collecting data. It is managing access in a way that continuously aligns with your own policies.

Anomaly Detection with Machine Learning to Improve Security

Being a security analyst can feel like being trapped in a Where’s Waldo book. You can find yourself staring at a data stream looking for something that “isn’t like the others.” However, as your organization collects and correlates more data from the environment, finding the Waldo can feel overwhelming. In a modern IT environment, organizations have hundreds or thousands of devices, users, and data points that they need to correlate so they can identify normal network activity.

What's New With Keeper | February 2026

The Keeper Security Government Cloud (KSGC) platform has been authorized at the FedRAMP High baseline, enabling federal civilian agencies to protect high-impact unclassified data as defined under FIPS 199 and FedRAMP High baselines. The “High Impact” designation applies to systems where unauthorized access or disruption could cause severe or catastrophic harm to agency operations, assets or individuals.

The Monetary Authority of Singapore (MAS) on AI Risk Governance

The Monetary Authority of Singapore's (MAS) Consultation Paper on Guidelines on Artificial Intelligence Risk Management, released in November 2025, dramatically altered how AI is positioned within the country’s financial supervision. The document states that the proposed Guidelines "set out MAS' supervisory expectations relating to AI risk management in financial institutions (FIs)" (p.3).

Third Party Supplier Security: Are Your Vendors Safe?

Your third party suppliers probably aren’t as secure as you think they are. SecurityScorecard’s 2025 Global Third Party Breach Report found that at least 35.5% of all data breaches in 2024 originated from third party compromises. That’s not a minor risk you can ignore. The numbers tell a stark story. But here’s what most organisations miss: the real figure is likely higher since many breaches aren’t disclosed or are mistakenly reported as internal incidents.

What Happens If the At-Fault Driver Was Working at the Time of the Crash?

You got hurt in a crash. The other driver caused it. Then you learn that driver was on the clock for work. That one fact can change everything. It can affect who pays your medical bills. It can affect lost wages. It can affect how you rebuild your life. When a driver works, the employer may share legal responsibility. The company may have insurance with higher limits. Yet the rules are strict. You must show the driver was actually working. You must also act fast. Evidence fades. Memories shift. Companies protect themselves.

How Whistleblowers and Activists Protect Their Identity When Mailing

When you deal with sensitive information as a whistleblower, activist, or journalist, even sending regular documents can feel risky. Sure, the letter itself can be 100% legal, nothing shady at all, just information. But the stress is still there. The problem isn't really what you're sending; rather, it's the trail that leads straight back to you.
Featured Post

Innovation at Speed: Why Machine Identity Security Is Now a Boardroom Priority

CEOs across the manufacturing sector remain optimistic about the potential of digital transformation to boost productivity, efficiency, and competitiveness. Yet manufacturers face a double bind: innovate fast (and potentially feel pain) or risk falling behind, while every step forward expands the attack surface. This sits alongside a stark reality: the manufacturing sector now suffers 26% of all cyberattacks, making it one of the most targeted industries globally. However, the most significant emerging threat is not always the one that leaders expect.