Automate NIST SSDF Compliance: A Technical Guide to Policy as Code in JFrog AppTrust

For many engineering and security teams, NIST SP 800-218 (Secure Software Development Framework, or SSDF) compliance feels like a hurdle that is too difficult to overcome. To meet these and other emerging regulations and be effective in today’s DevSecOps environment, organizations are moving toward codifying these standards into machine-readable rules, also known as Policy as Code (PaC).

Complexity in the Stack Is Slowing Down Decisions

Security environments did not become complex by design. They evolved incrementally. Each tool addressed a gap in detection, visibility, or response. Over time, the architecture expanded, but the system was never designed to operate as a single decision layer. Data moves between systems, but context does not consistently follow. Alerts surface without full entity history. Intelligence exists, but it is not always applied at the point where decisions are made.

Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824)

In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.

Why Stablecoins Need Infrastructure to Scale

Stablecoins are the obvious choice for cross-border payments. But scaling them means solving for interoperability across chains, stablecoins, and ecosystems, and integrating with the core banking and treasury systems institutions already use. In this clip from Fintech Fireside Asia, Dan Sleep, Head of Business Solutions APAC at Fireblocks, breaks down why infrastructure is the connective layer and how Fireblocks Network for Payments is bridging issuers, movers, and custodians across the value chain.

Why we can't have nice things! ...Or can we?

On 7th April 2026, Anthropic published a system card for an AI model we may never be allowed to use: Claude Mythos. This preview demonstrated a significant leap in capability over Anthropic’s previous Claude model (Opus 4.6), and their Responsible Scaling Policy (RSP) v3.1 led them to withhold it from general availability and keep it as a "defensive only" asset.

Beyond patching: Building a Mythos-ready security program

When Anthropic revealed the existence of Mythos, the frontier AI model they deemed too dangerous for public release, the security community was alarmed. And it’s not hard to see why: Mythos is capable of detecting software vulnerabilities at a previously unimaginable scale, and autonomously crafting exploits to weaponize these flaws. According to Anthropic, Mythos created 181 exploits of Firefox in testing, ninety times more than the company’s previous model (Claude Opus 4.6).

What Is SAST - Static Application Security Testing

SAST, or Static Application Security Testing, is a method of analyzing source code to find vulnerabilities before the application is deployed. It's a type of white box testing that scans the code without executing it, looking for weaknesses that could be exploited. SAST helps developers identify and fix security issues early in the Software Development Life Cycle (SDLC), potentially reducing costs and improving the overall security posture of the application.

Seamless DevSecOps for GitLab: Security Built Into Every Pipeline

Modern development teams move fast; security must keep pace. As organizations increasingly rely on GitLab to power CI/CD pipelines, integrating application security directly into the workflow is no longer optional — it’s essential. The Veracode GitLab Workflow Integration embeds automated security testing directly into GitLab pipelines, enabling teams to shift security left without disrupting delivery.

Early Results From KnowBe4's AI Agents Show Easier Administration and Lower Cyber Risk

You often hear companies touting that they are AI-enabled. But most do not give you the results of how that new AI stacks up against their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI. While our competitors have been touting the use of AI only since 2023 at the earliest, we have been using machine learning (ML), the backbone workhorse of AI, since early 2016 – for a decade!