When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

Why is now the time to modernize first-party risk programs

Senior leaders must remain vigilant in assessing both external and internal threats to their organizations. With emerging technologies, an ever-increasing interconnectedness, and the growing sophistication of cybercrime, risk management has become more complex and dynamic than ever before. As companies prepare for new challenges, 2025 is emerging as a critical year to modernize first-party risk programs.

CVE-2025-25256: PoC Available for FortiSIEM Remote Unauthenticated Command Injection Vulnerability

On August 12, 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralization of special elements used in an OS command within the phMonitor service (TCP/7900). Successful exploitation could allow a remote, unauthenticated threat actor to execute unauthorized code or commands via crafted CLI requests.

Australia's 2025 Protective Security Policy Framework (PSPF) Now Mandates Zero Trust - What You Need to Know and Do

Australia’s Protective Security Policy Framework (PSPF) Annual Release 2025 now formally mandates the adoption of zero trust principles to improve cybersecurity posture. Government organisations must now align their cybersecurity strategies with the Information Security Manual and the Guiding Principles to Embed a Zero Trust Culture.

What You Need to Know about the Allianz Life Data Breach

Allianz Life Insurance Company of North America is a large financial and retirement solutions provider. It specializes in investment items, annuities, and life insurance. Operating as a subsidiary of Allianz SE, a German multinational finance conglomerate, the company serves over 1.4 million people. Established in 1896, the firm was initially known as North American Casualty. It went through different acquisitions before being acquired by Allianz SE in 1979.

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.

Modern APIs, Modern Threats: Why WAFs and API Gateways Aren't Enough

APIs are the connective tissue of today’s digital ecosystems, driving innovation, automation, and business growth. But as APIs grow in complexity and volume, they’ve become prime targets for sophisticated and targeted attacks. Attackers are using threat vectors like business logic, which bypass traditional tools like WAFs and API Gateways. In this webinar, we’ll explore why modern API security demands more than legacy defenses and how a dedicated API security solution is essential for protecting against today’s most advanced threats.

Preventing the Preventable: Tackling Internal Cloud Security Risks

Once the frontier of innovation, the cloud has become the battleground of operational discipline. As cloud complexity rises, the most common and costly security threats aren't advanced nation-state attacks. They're internal errors. According to the CSA's Top Threats to Cloud Computing Deep Dive 2025, more than half of reported cloud breaches stemmed from preventable issues like misconfigurations, IAM failures, and operational oversights. These are self-inflicted and are happening with alarming frequency.

What You Need to Know about the Tea App Data Breach

Sean Cook created the Tea app in November 2022. As a former product manager at Salesforce and Shutterfly, Sean self-funded the project, inspired by his mother’s negative experiences in the dating pool. The Tea app was designed to be a women-only platform for vetting potential dates and providing AI-engineered gender verification. It has gained significant traction following viral popularity on TikTok and Reddit, amassing over 6 million users.

From Fragmented to Unified: Driving Autonomous Endpoint Management Across Mobile and Computing Devices with the Tanium Connector for Microsoft Intune

The Tanium Connector for Microsoft Intune enables organizations to unify, manage, and report on all their endpoints—including those across multiple Intune tenants—through a single platform, streamlining security and operations workflows.