outpost 24

Navigating Cyber Essentials v3.3: A Guide to Compliance

Apr 23, 2026 By Dominique Adams In Outpost 24
On 27 April 2026, the National Cyber Security Centre (NCSC) will officially implement Cyber Essentials v3.3, delivered through a new self-assessment question set known as Danzell, which replaces the previous Willow set. The foundational five technical controls remain the bedrock of the scheme, but this latest iteration tightens wording, scoping, and marking criteria in ways that have immediate consequences.
Read Post
acronis

Microsoft 365 retention vs. backup vs. archiving: What's the difference?

Apr 23, 2026 By Lee Pender In Acronis
Microsoft 365 is great for sharing, creating and collaborating on data. Protecting data, however, is something else altogether. It’s not so easy. Many organizations assume Microsoft fully protects their information, only to discover gaps when something goes wrong. That’s why data retention, backup and archiving are so important. The three concepts have some similarities, but they serve very different purposes. More importantly, you can’t substitute one for another.
Read Post

How to scan your code bases using AI for vulnerabilities with Jeff McJunkin

Apr 23, 2026 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as Jeff McJunkin, Founder of Rogue Valley Information Security, walks through how he built an AI-powered pipeline to scan large codebases for real, exploitable vulnerabilities, using the Linux kernel as his proving ground. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video
gitguardian

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Apr 23, 2026 By Guillaume Valadon In GitGuardian
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
Read Post
Zenity

The Vendor to Beat, Built Before the Category Had a Name

Apr 23, 2026 By Ben Kliger In Zenity
A few years ago, we made a call that most of our industry was not ready to hear. AI agents were going to become the primary way enterprises get work done. Not as a concept, not as a research project, but as the operational reality of how the modern business runs. And the security infrastructure being built around them was designed for something fundamentally different. Prompt filtering. Model safety. Input guardrails.
Read Post
Corelight

From human-scale to AI-scale: Lessons in resilience from RSAC 2026

Apr 23, 2026 By Ed Smith In Corelight
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
Read Post
cycognito

Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass

Apr 23, 2026 By Igal Zeifman In CyCognito
CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.