The New Guy (a.k.a. Agentic AI)

Aug 13, 2025 By Rubrik In Rubrik
AI agents have already caused unintended record updates, broken workflows, and pushed flawed logic into production systems. These misfires often go unnoticed until forecasts stall, pipelines break, or sensitive data is affected. These aren’t hallucinations. They’re executed actions with real consequences. At Rubrik, we’ve spent years helping enterprises recover from ransomware, insider threats, and operational errors. The pattern is always the same: Damage happens fast. The root cause is murky. And visibility is fragmented.
View Video
riscosity

Introducing the Riscosity AI Firewall

Aug 13, 2025 By Anirban Banerjee In Riscosity
AI is moving through enterprises faster than security teams can track. Over the past year, AI privacy incidents have risen 56%, and most of those stem from tools security never knew were in use. 84% of SaaS tools are purchased outside IT, and 62% of CISOs say fewer than a quarter of AI tools in use have been approved through procurement. That means sensitive, regulated, or confidential data is often flowing to AI services invisibly, sometimes across borders, without governance or guardrails.
Read Post
Trustwave

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

Aug 13, 2025 By Nathaniel Morales and Nikita Kazymirskyi In Trustwave
Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.
Read Post

Episode 3: Exploring ManageEngine PAM's certificate lifecycle management capabilities

Aug 13, 2025 By ManageEngine In ManageEngine
In the third installment of the PAM Masterclass training series, we'll focus on mastering certificate lifecycle management. This session will guide you through best practices for deploying, renewing, and monitoring certificates to help you build a secure, well-maintained IT environment.
View Video
Arctic Wolf

CVE-2025-25256: PoC Available for FortiSIEM Remote Unauthenticated Command Injection Vulnerability

Aug 13, 2025 By Andres Ramos In Arctic Wolf
On August 12, 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralization of special elements used in an OS command within the phMonitor service (TCP/7900). Successful exploitation could allow a remote, unauthenticated threat actor to execute unauthorized code or commands via crafted CLI requests.
Read Post
trustcloud

Why is now the time to modernize first-party risk programs

Aug 13, 2025 By Richa Tiwari In TrustCloud
In this article Senior leaders must remain vigilant in assessing both external and internal threats to their organizations. With emerging technologies, an ever-increasing interconnectedness, and the growing sophistication of cybercrime, risk management has become more complex and dynamic than ever before. As companies prepare for new challenges, 2025 is emerging as a critical year to modernize first-party risk programs.
Read Post
archTIS

Australia's 2025 Protective Security Policy Framework (PSPF) Now Mandates Zero Trust - What You Need to Know and Do

Aug 13, 2025 By Irena Mroz In archTIS
Australia’s updated Protective Security Policy Framework (PSPF) now mandates the adoption of Zero Trust principles. Australia’s Protective Security Policy Framework (PSPF) Annual Release 2025 now formally mandates the adoption of zero trust principles to improve cybersecurity posture. Government organisations must now align their cybersecurity strategies with the Information Security Manual and the Guiding Principles to Embed a Zero Trust Culture.
Read Post
idstrong

What you need to Know about the Allianz Life Data Breach

Aug 13, 2025 By IDStrong In IDStrong
Allianz Life Insurance Company of North America is a large financial and retirement solutions provider. It specializes in investment items, annuities, and life insurance. Operating as a subsidiary of Allianz SE, a German multinational finance conglomerate, the company serves over 1.4 million people. Established in 1896, the firm was initially known as North American Casualty. It went through different acquisitions before being acquired by Allianz SE in 1979.
Read Post
veracode

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Aug 13, 2025 By Tim Jarrett In Veracode
Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.
Read Post

Modern APIs, Modern Threats: Why WAFs and API Gateways Aren't Enough

Aug 13, 2025 By Wallarm In Wallarm
APIs are the connective tissue of today’s digital ecosystems, driving innovation, automation, and business growth. But as APIs grow in complexity and volume, they’ve become prime targets for sophisticated and targeted attacks. Attackers are using threat vectors like business logic which bypass traditional tools like WAFs and API Gateways. In this webinar, we’ll explore why modern API security demands more than legacy defenses and how a dedicated API security solution is essential for protecting against today’s most advanced threats.
View Video
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.