Microsoft E3 vs E5: Understanding the Security Coverage You Already Own

Jan 5, 2026 By Reach Security In Reach Security
Assessing Microsoft E3 and E5 is less about the license tier and more about understanding the security coverage you already own. In our conversation, Todd and Garrett break down what often gets missed in the E3 → E5 journey: Organizations move to E5 without clearly understanding:⇢ what coverage they already have with E3⇢ what incremental capabilities E5 actually adds⇢ and whether those capabilities are being adopted at all.
View Video
signmycode

Cloud Computing and Code Signing as A Service: Stats, Future and Trends 2026

Jan 5, 2026 By SignMyCode In SignMyCode
Whenever you press the update button on your phone, or your server requests a new container image, an act of faith is being performed. You are relying on the fact that the code that you are downloading is what the developer wrote. You are hoping that a hacker didn’t place a backdoor in between. Our years of verifying trust with a basic digital handshake: Code Signing. But here is the thing. It is a weakened handshake. I call CTOs and security leaders weekly, and they are afraid.
Read Post

Honeytokens with ggshield: plant tripwires that alert on secret use

Jan 5, 2026 By GitGuardian In GitGuardian
In this video, we introduce ggshield honeytoken and why it’s one of the most powerful tools in the GitGuardian toolbox. A honeytoken is a decoy secret that alerts you the moment someone tries to use it or validate it. Think of it like a digital tripwire. In GitGuardian, honeytokens can be created through the dashboard or API, and they look like real AWS keys because they are valid credentials. The difference is they grant zero access and are isolated to an AWS account GitGuardian maintains specifically for this purpose.
View Video
securonix

Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection

Jan 5, 2026 By Shikha Sangwan, Akshay Gaikwad, Aaron Beardslee In Securonix
Securonix threat researchers have been tracking a stealthy campaign targeting the hospitality sector using click-fix social engineering, fake captcha and fake blue screen of death to trick users into pasting malicious code. It leverages a trusted MSBuid.exe tool to bypass defenses and deploys a stealthy, Russian-linked DCRat payload for full remote access and the ability to drop secondary payloads.
Read Post
acronis

Delivering Microsoft 365 Management Security and Protection Profitably

Jan 5, 2026 By Acronis In Acronis
Summary Microsoft 365 is mission-critical for SMBs, but managing it with fragmented backup and security tools creates complexity, security gaps, and shrinking margins for MSPs. Disconnected solutions increase manual work, operational overhead, and risk across email, data, identity, and compliance. A unified Microsoft 365 protection approach consolidates backup, XDR, email security, archiving, security awareness training, and posture management into a single multi-tenant platform.
Read Post
sentrium

MongoBleed: unauthenticated memory disclosure in MongoDB (CVE-2025-14847)

Jan 5, 2026 By Tom Keech In Sentrium
On December 12, 2025, the MongoDB Security Engineering team disclosed a high-severity vulnerability in MongoDB that allows unauthenticated memory disclosure. The issue is tracked as CVE-2025-14847 and has a CVSS score of 8.7 and was quickly nicknamed MongoBleed in the security community due to the way it exposes server memory.
Read Post
aikido

How Engineering and Security Teams Can Meet DORA's Technical Requirements

Jan 5, 2026 By Sooraj Shah In Aikido
Every financial entity operating in the European Union must comply with the Digital Operational Resilience Act (DORA). DORA focuses on whether systems can withstand, respond to, and recover from ICT-related disruptions and whether this can be demonstrated with evidence. For engineering, security, and risk teams, this introduces a practical requirement. Operational resilience must be observable in live systems, continuously tested, and traceable over time.
Read Post
cyberhaven

The ROI of Modern DLP Solutions: Why It's Worth the Investment

Jan 5, 2026 By John Loya In Cyberhaven
Every security leader is tasked with a difficult balancing act: reducing risk while controlling cost. Cybersecurity budgets aren’t unlimited, and executive teams demand clear justification for every new tool. Data loss prevention (DLP) has often struggled to prove its value in this context. Traditional solutions were expensive to deploy, noisy in practice, and often delivered more frustration than measurable protection.
Read Post
trustcloud

Dominate IoT data privacy: Strong safeguards for connected devices in 2026

Jan 5, 2026 By Shweta Dhole In TrustCloud
Everywhere you look, your wrist, your home, your car, smart devices quietly gather data. The Internet of Things (IoT) has evolved from a novelty into the backbone of daily life. From smart thermostats that learn your schedule to industrial sensors tracking performance in real time, connected devices are reshaping how we live, work, and interact. But with that progress comes peril. Each device represents a potential breach point; every upload, update, or firmware oversight can expose personal information.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.