Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

WatchGuard

RIP mVPN: Why ZTNA Is the Future of Secure Access for SMBs

Feb 4, 2026 By Martin Lethbridge In WatchGuard
Once upon a time, the managed VPN (mVPN) was the hero of remote work. Employees worked from the office, servers lived in cupboards, and if you could gain access to the network, you were trusted. Fast forward to today, and that hero has not aged well. Hybrid work is permanent. Cloud apps rule. Attackers are smarter, faster, and annoyingly persistent. SMB IT teams are expected to hold it all together with limited time, limited budget, and zero tolerance for downtime.
Read Post
memcyco

Account Takeover Fraud in 2026: How Attacks Really Happen and How to Stop Them Before Impact

Feb 4, 2026 By Ran Arad In Memcyco
Account takeover (ATO) fraud is a critical threat to digital businesses. Despite heavy investment in MFA and login anomaly detection, many attacks succeed because they bypass traditional safeguards entirely. Modern ATO doesn’t start at the login screen. It begins upstream with pre-login exposure and real-time credential relay, allowing attackers to hijack sessions before traditional defenses even engage.
Read Post
levelblue

Through a Strategic Partnership with LevelBlue, AT&T Named as a Leader in the IDC Worldwide Managed SASE Services 2025

Feb 4, 2026 By LevelBlue In LevelBlue
AT&T, through a partnership with LevelBlue, has been positioned in the Leaders Category in the IDC MarketScape: Worldwide Managed SASE Services 2025 Vendor Assessment (doc October 2025). The IDC MarketScape noted, “AT&T offers managed SASE services globally through a strategic partnership with LevelBlue — AT&T's spun-off cybersecurity arm, now a joint venture with WillJam Ventures.
Read Post
securonix

Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode

Feb 4, 2026 By Akshay Gaikwad, Shikha Sangwan, Aaron Beardslee In Securonix
Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.
Read Post
safeaeon

Passwordless Authentication: Where It Strengthens Security and Where It Doesn't

Feb 4, 2026 By SafeAeon Inc. In SafeAeon
Passwords are still used almost everywhere. People reuse and share their passwords without knowing the risks. Attackers take advantage of these situations. Phishing emails and malware are enough to steal a password, and this is how many security incidents start. The problem can be reduced using passwordless authentication. When passwords are removed from the login process, attackers would find it difficult to attack that device or account.
Read Post
sentrium

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

Feb 4, 2026 By Theklis Stefani In Sentrium
During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.
Read Post
How Whistleblowers and Activists Protect Their Identity When Mailing

How Whistleblowers and Activists Protect Their Identity When Mailing

Feb 4, 2026 By SecuritySenses In SecuritySenses
When you deal with sensitive information as a whistleblower, activist, or journalist, even sending regular documents can feel risky. Sure, the letter itself can be 100% legal, nothing shady at all, just information. But the stress is still there. The problem isn't really what you're sending. rather it's the trail that leads straight back to you.
Read Post
What Happens If the At-Fault Driver Was Working at the Time of the Crash?

What Happens If the At-Fault Driver Was Working at the Time of the Crash?

Feb 4, 2026 By SecuritySenses In SecuritySenses
You got hurt in a crash. The other driver caused it. Then you learn that driver was on the clock for work. That one fact can change everything. It can affect who pays your medical bills. It can affect lost wages. It can affect how you rebuild your life. When a driver works, the employer may share legal responsibility. The company may have insurance with higher limits. Yet the rules are strict. You must show the driver was actually working. You must also act fast. Evidence fades. Memories shift. Companies protect themselves.
Read Post
Featured Post
Innovation at Speed: Why Machine Identity Security Is Now a Boardroom Priority

Innovation at Speed: Why Machine Identity Security Is Now a Boardroom Priority

Feb 3, 2026 By Dave McGrail, Head of Business Consultancy In Xalient
CEOs across the manufacturing sector remain optimistic about the potential of digital transformation to boost productivity, efficiency, and competitiveness. Yes - manufacturers face a double bind - innovate fast (and potentially feel pain) or risk falling behind; but every step forward expands the attack surface. This sits alongside a stark reality: the manufacturing sector now suffers 26% of all cyberattacks, making it one of the most targeted industries globally. However, the most significant emerging threat is not always the one that leaders expect.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.