Why Your Attack Surface Is Bigger Than Your SOC Can See | Financial Cyber Risk Explained

Jan 13, 2026 By Bitsight In BitSight
Your organization’s attack surface doesn’t stop at the network—and in financial services, that reality can’t be ignored. In this clip, Dov Lerner explains why even companies with strong internal security programs remain vulnerable when attackers target customers through phishing and account takeover schemes.
View Video
protecto

Sensitive Data Is the Common Thread Across Most OWASP Top 10 Issues. Here's Why

Jan 13, 2026 By Anwita In Protecto
The OWASP Top 10 is usually presented as a list of technical failures. Broken access control. Injection. Insecure design. Misconfiguration. Each category points to something that went wrong in the application. What it doesn’t say explicitly is what was actually at risk when it went wrong. In most real incidents, the answer is not “the application.” It’s the data inside it. Sensitive data is the reason attackers care about OWASP failures in the first place. Credentials.
Read Post

Inside the Deep & Dark Web Marketplace Fueling Financial Cyber Attacks

Jan 13, 2026 By Bitsight In BitSight
The deep and dark web isn’t chaos—it’s a fully functioning marketplace. In this clip from Exposed: Cyber Risk in the Financial Sector and its Supply Chain, Dov Lerner explains how aspiring attackers can purchase phishing kits, stolen bank credentials, initial network access, and even cash-out services—often without technical expertise.
View Video
knowbe4

AI Deepfakes Are Impersonating Religious Figures to Solicit Donations

Jan 13, 2026 By KnowBe4 Team In KnowBe4
WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations. Father Mike Schmitz, a priest who hosts a podcast with over a million followers, warned his listeners in November that AI-generated deepfakes were using his likeness to fraudulently solicit donations. WIRED found that several of these fake accounts are still active on TikTok, and they appear when a TikTok user searches for Father Schmitz.
Read Post
Feroot

Why Content Security Policy Fails PCI 6.4.3 (And What QSAs Accept Instead)

Jan 13, 2026 By Feroot In Feroot
Content Security Policy looks like it was designed for PCI Requirement 6.4.3. You define which domains can load scripts on your payment page, the browser enforces it, and unauthorized code gets blocked. For teams drowning in third-party JavaScript, CSP feels like the obvious answer. Then you get to your audit, and the QSA starts asking questions CSP can’t answer.
Read Post
graylog

Using LLMs, CVSS, and SIEM Data for Runtime Risk Prioritization

Jan 13, 2026 By Jeff Darrington In Graylog
A recent University of North Carolina Wilmington study tested whether general-purpose large language models could infer CVSS v3.1 base metrics using only CVE description text, across more than 31,000 vulnerabilities. The results show measurable progress, but they also expose a hard limit that matters far more than model selection: Model quality helps, but missing context sets a ceiling on reliability.
Read Post
Feroot

HIPAA Compliance for Pharmaceutical Websites, Portals, and Mobile Apps

Jan 13, 2026 By Feroot In Feroot
If you operate pharmaceutical websites, portals, adherence tools, or patient support platforms, client-side execution is part of your compliance surface. Analytics, pixels, chat interfaces, and third-party libraries stop being neutral once they run alongside condition-specific content, authenticated access, or patient-initiated actions. At that point, they participate in disclosure. OCR’s clarification on tracking technologies did not create new obligations.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.