Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

securonix

Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode

Feb 4, 2026 By Akshay Gaikwad, Shikha Sangwan, Aaron Beardslee In Securonix
Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.
Read Post
safeaeon

Passwordless Authentication: Where It Strengthens Security and Where It Doesn't

Feb 4, 2026 By SafeAeon Inc. In SafeAeon
Passwords are still used almost everywhere. People reuse and share their passwords without knowing the risks. Attackers take advantage of these situations. Phishing emails and malware are enough to steal a password, and this is how many security incidents start. The problem can be reduced using passwordless authentication. When passwords are removed from the login process, attackers would find it difficult to attack that device or account.
Read Post
sentrium

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

Feb 4, 2026 By Theklis Stefani In Sentrium
During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.
Read Post
How Whistleblowers and Activists Protect Their Identity When Mailing

How Whistleblowers and Activists Protect Their Identity When Mailing

Feb 4, 2026 By SecuritySenses In SecuritySenses
When you deal with sensitive information as a whistleblower, activist, or journalist, even sending regular documents can feel risky. Sure, the letter itself can be 100% legal, nothing shady at all, just information. But the stress is still there. The problem isn't really what you're sending. rather it's the trail that leads straight back to you.
Read Post
What Happens If the At-Fault Driver Was Working at the Time of the Crash?

What Happens If the At-Fault Driver Was Working at the Time of the Crash?

Feb 4, 2026 By SecuritySenses In SecuritySenses
You got hurt in a crash. The other driver caused it. Then you learn that driver was on the clock for work. That one fact can change everything. It can affect who pays your medical bills. It can affect lost wages. It can affect how you rebuild your life. When a driver works, the employer may share legal responsibility. The company may have insurance with higher limits. Yet the rules are strict. You must show the driver was actually working. You must also act fast. Evidence fades. Memories shift. Companies protect themselves.
Read Post
Featured Post
Innovation at Speed: Why Machine Identity Security Is Now a Boardroom Priority

Innovation at Speed: Why Machine Identity Security Is Now a Boardroom Priority

Feb 3, 2026 By Dave McGrail, Head of Business Consultancy In Xalient
CEOs across the manufacturing sector remain optimistic about the potential of digital transformation to boost productivity, efficiency, and competitiveness. Yes - manufacturers face a double bind - innovate fast (and potentially feel pain) or risk falling behind; but every step forward expands the attack surface. This sits alongside a stark reality: the manufacturing sector now suffers 26% of all cyberattacks, making it one of the most targeted industries globally. However, the most significant emerging threat is not always the one that leaders expect.
Read Post
trustcloud

Mastering HIPAA compliance in telemedicine: Secure remote healthcare delivery in 2026

Feb 3, 2026 By Shweta Dhole In TrustCloud
Telemedicine has revolutionized healthcare delivery, enabling patients to access medical consultations from the comfort of their homes. However, this shift to virtual care necessitates strict adherence to the Health Insurance Portability and Accountability Act (HIPAA) to ensure the protection of patient privacy and the security of electronic health information.
Read Post
miniorange

What to Look for in a PAM Solution: Essential Features and Requirements

Feb 3, 2026 By Vipika Kotangale In miniOrange
Security breaches occur in 86% of cases because of unauthorized privileged credential access, while the PAM market reached $4 billion in 2025 because of rising identity-based threats which include ransomware and cloud sprawl. Organizations need to address their hybrid system problems and AI-based cyber threats during 2026 because their existing password storage systems fail to fulfill their requirements.
Read Post
cyberhaven

Cyberhaven DSPM: Uniting DSPM & DLP to Secure Data in the AI Era

Feb 3, 2026 By Bruce Chen In Cyberhaven
Enterprise security programs were built for a time when data lived in a small number of predictable locations. That model no longer holds. Today, data is constantly created, copied, transformed, and shared across cloud applications, endpoints, on-prem systems, and generative AI tools, often without clear visibility. Protecting data in the AI era requires three pillars: holistic visibility across the full data lifecycle, a deep understanding of data with context (e.g.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.