Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

wallarm

6 Lessons Security Leaders Must Learn About AI and APIs

Apr 27, 2026 By Wallarm In Wallarm
Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the endpoints AI systems use to retrieve data, call tools, and take action on behalf of users. This isn't a theoretical gap.
Read Post

Chipotle Bot Hacked! AI Fails: Live Laugh Logs ep1

Apr 27, 2026 By Coralogix In Coralogix
What happens when 20,000 engineers descend on Amsterdam to talk about Kubernetes and AI? Welcome to Episode 1 of Live Laugh Logs, the podcast from Annie, Lewis and Andre from the Coralogix Developer Relations team where we will get together and recap everything going on in our worlds! We had an amazing time at KubeCon in Amsterdam and had loads of insights from the talks we went to around designing observability systems, all the AI tools being created and how to observe them, and using agent-generated code.
View Video
Snyk

Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining

Apr 27, 2026 By Julia Kinday In Snyk
In early February 2026, users of Qinglong (青龙), a popular open source timed task management platform with over 19,000 GitHub stars, began reporting that their servers were maxing out CPU usage. The cause was a cryptominer binary called.fullgc, deployed through two authentication bypass vulnerabilities that allowed unauthenticated remote code execution. The attacks went largely unnoticed in the English-speaking security community.
Read Post
reach security

The Configuration Drift Behind the Teams Helpdesk Breach

Apr 27, 2026 By Garrett Hamilton In Reach Security
On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.
Read Post
persona

Introducing Atlas: a global age regulation tracker

Apr 27, 2026 By Brandon Chen In Persona
Over 300 age-related bills were introduced across several US states in 2025 alone. We’ve heard firsthand from numerous legal and compliance teams that keeping up with these regulations is incredibly overwhelming. That’s why we developed Atlas, a global database tracking evolving age assurance regulations. Atlas tracks recent legislation impacting social media platforms, adult content, age-restricted services, and other related legislation.
Read Post
LimaCharlie

Agentic SecOps: Build a security AI agent that automatically investigates detections

Apr 27, 2026 By Daniel Ballmer In LimaCharlie
A credential access event fired. An AI agent investigated it, correlated it against running processes, assessed the risk, and closed the ticket. No analyst touched it. The entire loop ran in minutes. This is what security operations look like when AI can actually operate in the environment rather than advise from outside it. Security operations have always required a special kind of person.
Read Post
archTIS

NSW Treasury Breach, ABAC, and Principles of Least Privilege

Apr 27, 2026 By Wade Barisoff In archTIS
Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.
Read Post
sedara

What Is Red Team Penetration Testing?

Apr 27, 2026 By Liz Sujka In Sedara
Red Team Penetration Testing is a simulated cyberattack that mimics real-world threat behavior to identify vulnerabilities, test defenses, and evaluate how effectively an organization can detect and respond to an attack. It goes beyond traditional testing by focusing on how an attacker would actually move through an environment.
Read Post
nightfall

How Do AI Agents Create Data Exfiltration Risk?

Apr 27, 2026 By Chris Martinez In Nightfall
AI agents create data exfiltration risk by combining three capabilities that are dangerous together: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three exist in one agent, an attacker can hide instructions inside an email, document, or webpage the agent processes and trick it into sending sensitive data out. No software vulnerability is required. The attacker doesn't need to break in. They just need to talk to your agent.
Read Post
the cyber helpline

New Partnership With Friends Against Scams: Together Against Cybercrime

Apr 27, 2026 By The Cyber Helpline In The Cyber Helpline
We're excited to announce our new partnership with Friends Against Scams, a National Trading Standards initiative working to protect people from scams across the UK. Together, we've created a cybercrime factsheet to help individuals understand the threats they face online, who is most at risk, and where to turn for support.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.