Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Strengths and Shortcomings of AI Control Tower

This is why platforms like ServiceNow AI Control Tower are showing up in governance roadmaps. Control Tower helps organizations standardize how AI systems are requested, reviewed, cataloged, and managed across their lifecycle. It can bring order to chaos. But there’s a second, equally important reality: the strongest governance workflow in the world can’t govern what it can’t see.

Safeguarding Transactions Outside Traditional Banking Channels

Compliance teams often focus on banks, yet value can move through many routes that never touch a branch or a core banking platform. In safeguarding transactions outside traditional banking channels, the hardest part is defining the perimeter: nonbank payment providers, prepaid instruments, merchant networks, and informal value transfer systems that rely on trust, netting, or cash settlement.

Cyber Resilience in 2026: Why Supply Chains Are the New Front Line

"When cyber risk is treated as an internal problem, governments miss where most modern attacks actually begin: in their vendors, their service providers, digital dependencies that sit outside their direct control." SecurityScorecard's Head of Public Policy, Michael Centrella, shares his key takeaways and insights from the World Economic Forum’s latest Global Cybersecurity Outlook 2026, which states a simple, clear truth: cyber risk no longer lives inside the firewall.

The Hidden Security Risk of Enterprise Documents and Why AI Amplifies It

For years, enterprise security strategies have evolved around visible and measurable threats: network intrusions, endpoint compromise, identity misuse, and cloud misconfigurations. These domains are well understood, heavily monitored, and continuously audited. Yet one of the most critical security risk surfaces in modern enterprises remains largely under-governed: documents and unstructured data.

Inside the Rise of Clone Phishing and CAPTCHA-Based Social Engineering

In our previous two posts, The ABC’s of Ishing and From Lure to Breach, we broke down the foundational tactics used by cybercriminals to deceive users and gain unauthorized access. This follow-up report expands on that foundation by exploring three evolving phishing threats that go beyond traditional email lures: clone phishing, deepfake phishing, and CAPTCHA phishing.

Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies

Too often, vendor risk management operates in a silo, focused on compliance checkboxes, while the SOC team is on the frontlines of threat intelligence and response. These two groups should be allies, but instead, they’re often working in isolation. That’s a problem because cyber risk isn’t just a compliance issue… it’s a threat issue. Join Steve Cobb for this talk on: SecurityScorecard monitors and scores over 12 million companies worldwide.

Emerging Risks: Typosquatting in the MCP Ecosystem

Model Context Protocol (MCP) servers facilitate the integration of third-party services with AI applications, but these benefits come with significant risks. If a trusted MCP server is hijacked or spoofed by an attacker, it becomes a dangerous vector for prompt injection and other malicious activities. One way attackers infiltrate software supply chains is through brand impersonation, also known as typosquatting—creating malicious resources that closely resemble trusted ones.

Custom Risk Scoring Is the Missing Link Between Disconnected Findings and Real Exposure Management

Most large organizations rely on multiple vulnerability and exposure scanning tools out of necessity. Infrastructure scanners, cloud security platforms, application security testing tools, container scanners, and attack surface management solutions all play a role. Each one is designed to answer a specific question. But when it comes to understanding the risk of the vulnerabilities and exposures they detect, each tool has its own approach to quantifying it.

The Philanthropist's Take: Bolstering Cyber Civil Defense

“Doing well by doing good” – there’s something to be said for that. Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Craig Newmark (Founder, craigslist, Craig Newmark Philanthropies) for this discussion on:

Securing AI Where It Acts: Why Agents Now Define AI Risk

In the first round of the AI gold rush, most conversations about AI security centered on models: large language models, training data, hallucinations, and prompt safety. That focus made sense when AI was largely confined to generating text, images, or recommendations. But that era is already giving way to something far more consequential.