Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

How to Prevent Cross-Site Scripting (XSS) on Payment Pages

Oct 9, 2025 By Feroot In Feroot
Many teams believe that cross-site scripting, or XSS, is a problem of the past. Modern frameworks promise built-in protections, and developers often assume the browser will handle the rest. The reasoning sounds logical: if React auto-encodes output, XSS can’t happen. However, XSS prevention doesn’t work on assumptions; it works on visibility. We’ve learned that XSS prevention is about maintaining continuous control over the browser environment where your application runs.
Read Post
veracode

The Business Case for Investing in AppSec Tools

Oct 9, 2025 By Natalie Tischler In Veracode
Relying on disjointed, manual security processes creates bottlenecks that delay software releases and increase business risk. As development accelerates, security teams struggle to keep pace, leading to a rise in security debt and a greater likelihood of breaches. Investing in the right AppSec tools is no longer a technical decision; it is a strategic business imperative.
Read Post
CloudCasa

Enhancing Disaster Recovery for Red Hat OpenShift with CloudCasa and Red Hat OpenShift on AWS (ROSA)

Oct 9, 2025 By CloudCasa In CloudCasa
Building resilient infrastructure is a must for modern organizations operating across hybrid environments. As applications move between on-premises and the cloud, ensuring data protection and continuity becomes a key priority. Red Hat OpenShift offers a consistent platform for running containerized and virtualized workloads across hybrid environments.
Read Post

Extending Zero Trust to Every Endpoint

Oct 9, 2025 By LevelBlue In LevelBlue
Learn how to evolve your Zero Trust strategy with expert insights from LevelBlue. As organizations grow and face new compliance challenges, securing access to data and applications is more critical than ever. In this Zero Trust webinar, our cybersecurity experts explore how to build a unified, resilient Zero Trust framework using managed security services that combine endpoint security and network security.
View Video
knowbe4

Multitasking Employees Are Particularly Vulnerable to Phishing Attacks

Oct 9, 2025 By KnowBe4 Team In KnowBe4
Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.
Read Post
knowbe4

If You Have Not Realized It, Vishing Is Really Taking Off

Oct 9, 2025 By Roger Grimes In KnowBe4
Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. KnowBe4 and the HRM industry have been warning about voice-based social engineering and phishing for decades. Some of the biggest and most notable hacks have long been based on it. Stories have often been told of brazen calls that resulted in big hacks.
Read Post

The Lost Payload: MSIX Resurrection

Oct 9, 2025 By Splunk In Splunk
MSIXBuilder transforms what was traditionally a complex, multi-tool process into a single automated workflow that mirrors actual attacker techniques. By automatically handling certificate lifecycle management, dependency resolution, and package signing, the tool removes the technical barriers that previously prevented security teams from creating realistic test scenarios. This means defenders can quickly generate both signed and unsigned MSIX packages to validate their AppXDeployment event log coverage, confirm detection rules, and build detection coverage that actually works against real-world threats.
View Video
Forward Networks

How a Global Bank Nearly Eliminated Audit Response Time

Oct 9, 2025 By Forward Networks In Forward Networks
Across the financial sector, compliance teams face rising expectations from regulators and customers alike. Agencies such as the SEC, OCC, FDIC, CFPB, and the European Banking Authority now demand proof of continuous compliance—not point-in-time reports. Yet most financial institutions still depend on spreadsheets, manual command-line checks, and tribal knowledge to validate security controls.
Read Post
cloudflare

Introducing REACT: Why We Built an Elite Incident Response Team

Oct 9, 2025 By Chris O'Rourke In Cloudflare
Cloudforce One’s mission is to help defend the Internet. In Q2’25 alone, Cloudflare stopped an average of 190 billion cyber threats every single day. But real-world customer experiences showed us that stopping attacks at the edge isn’t always enough. We saw ransomware disrupt financial operations, data breaches cripple real estate firms, and misconfigurations cause major data losses. In each case, the real damage occurred inside networks.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.