Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

CVE-2026-0968: The libssh Heap Read That Isn't as Scary as Scanners Say

Apr 10, 2026 By Ben Hirschberg In ARMO
A missing null check in libssh’s SFTP directory listing code lets a malicious server crash clients, but real-world exploitability is extremely constrained. CVE-2026-0968 is an out-of-bounds heap read in sftp_parse_longname(), triggered when an SFTP client processes a crafted SSH_FXP_NAME response with a malformed longname field. Red Hat, which serves as the CNA (CVE Numbering Authority) for this vulnerability, scored it 3.1 (Low), while Amazon Linux independently scored it 4.2 (Medium).
Read Post
acronis

HIPAA-Compliant Email Archiving: What Healthcare MSPs Need to Know in 2026

Apr 10, 2026 By Acronis In Acronis
Email remains the primary communication channel in healthcare, carrying patient records, referral notes, billing data, and administrative correspondence that frequently contains electronic Protected Health Information (ePHI). For Managed Service Providers (MSPs) serving healthcare clients, HIPAA-compliant email archiving is no longer optional. It is a foundational requirement for supporting regulatory compliance, responding to audits, and protecting against data loss.
Read Post
acronis

Acronis earns SoftwareReviews recognition for midmarket endpoint protection

Apr 10, 2026 By Acronis In Acronis
Acronis has earned new recognition from Info‑Tech SoftwareReviews, with Acronis Cyber Platform named a leader in the Endpoint Protection – Midmarket Data Quadrant. This recognition is based entirely on feedback from verified end users, highlighting the value MSPs and their clients see in Acronis endpoint protection capabilities. Unlike awards driven solely by analyst opinion or market presence, SoftwareReviews’ recognition reflects real‑world experience.
Read Post
graylog

What is the OWASP Top 10 for LLM Application Security

Apr 10, 2026 By Jeff Darrington In Graylog
Initially published by the Open Worldwide Application Security Project (OWASP) in 2023, the Top 10 for LLM Application Security list seeks to bridge the gap between traditional application security and the unique threats related to large language models (LLMs). Even where the vulnerabilities listed have the same names, the Top 10 for LLM Application Security focuses on how threat actors can exploit LLMs in new ways and potential remediation strategies that developers can implement.
Read Post
knowbe4

Phishing Campaign Targets Japanese Firms During Tax Season

Apr 10, 2026 By KnowBe4 Team In KnowBe4
A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET. “The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes, and employee stock ownership plans,” ESET says. “All emails share the same goal – trick the recipients into opening malicious links or attachments.
Read Post
knowbe4

Rising Compliance Oversight Pressure: From Audit Fatigue to Continuous Readiness

Apr 10, 2026 By KnowBe4 Team In KnowBe4
Public sector cybersecurity leaders are no longer measured solely on whether they stop attacks, they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include: These are not annual checkbox exercises. They require auditable, continuous evidence of control effectiveness, and for already stretched teams, this creates a second job: compliance documentation.
Read Post

Every Tech Revolution Follows This Pattern (AI Is No Different)

Apr 10, 2026 By Razorthorn Security In Razorthorn
AI adoption is happening faster than any technology cycle in history. Information security and risk management are being sacrificed for speed and every single technology revolution has followed the same pattern. In this episode of Razorwire Raw, Jim Rees draws on decades of experience through the internet boom, virtualisation revolution and cloud computing adoption to explain what's actually happening with AI right now. Each cycle has been faster than the last, and each time, security gets left behind.
View Video

Your Convenient AI Agent Is a Backdoor to Your Files #agenticai #promptinjection

Apr 10, 2026 By Razorthorn Security In Razorthorn
People are installing powerful AI agents on everyday laptops without realising those tools can access files, emails and operating system functions. Once prompt injected, that agent can behave like a malicious version of its user, which turns convenience into a direct path for deletion, exfiltration and loss of control.
View Video
memcyco

Memcyco Certifications: ISO 27001, 27017, 27018 and SOC 2 Type II

Apr 10, 2026 By Julian Agudelo In Memcyco
As of 2026, Memcyco maintains active certifications across ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and SOC 2 Type II (AICPA). These certifications confirm that Memcyco maintains independently audited processes for managing information security, securing cloud environments, and protecting sensitive data.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.