Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager

Jan 13, 2026 By Julian Tuin In Arctic Wolf
On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon and could allow an unauthenticated, remote threat actor to execute arbitrary code or commands. The vulnerability was discovered internally by Fortinet’s Product Security Team.
Read Post
Arctic Wolf

From Dugouts to Data Lakes: Applying Moneyball to the AI SOC

Jan 13, 2026 By Arctic Wolf In Arctic Wolf
In AI-powered security, advantage comes not from automation alone, but from clear insight into how decisions are made. At Arctic Wolf, home to one of the world’s largest commercial security operations centers (SOC), we process over 10 trillion security events weekly. Rather than chasing automation for its own sake, we build AI that scales human expertise – preserving judgment where it matters most. But what is the optimal combination of humans and machines for security operations?
Read Post
bluevoyant

AI in the SOC

Jan 13, 2026 By Dan Petrillo In BlueVoyant
Gartner frames the AI SOC landscape as a dichotomy: providers pursuing full SOC replacement versus those building AI products to augment existing staff. Of these two approaches, only augmentation aligns with real-world security operations. It helps analysts triage alerts, investigate faster, enrich context, and summarize incidents with better consistency, all while keeping humans in the loop, even if their day-to-day efforts change.
Read Post
seal security

Announcing Our Partnership with Wiz: Seal Hardened Base Images Now Seamlessly Integrated in Wiz

Jan 13, 2026 By Itamar Sher In Seal Security
Security teams can now eliminate container vulnerabilities at the source without developer effort or version upgrades. At Seal Security, we believe vulnerability management should start with secure foundations.That’s why we’re excited to share that Seal’s pre-patched packages to harden base and secure images are now officially integrated in Wiz. This partnership brings together Wiz’s best-in-class cloud visibility with Seal’s remediation-first approach to container security.
Read Post

The CEO's Take: The Human Element of Security

Jan 13, 2026 By SecurityScorecard In SecurityScorecard
“Human error contributes to 95% of data breaches.” From unsecured collaboration channels to poor password hygiene, the attack surface of an organization extends across both its vendor ecosystem as well as all of the employees within it. Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Marc van Zadelhoff (CEO, Mimecast) for this discussion on: SecurityScorecard monitors and scores over 12 million companies worldwide. Find your company's security score for free at SecurityScorecard.com.
View Video
exabeam

Decoding the 2025 MITRE ATT&CK Evals: A Call for Clarity and a Guide for Analysts

Jan 13, 2026 By Exabeam In Exabeam
The latest MITRE ATT&CK Enterprise Evaluations are out, featuring scenarios that emulate sophisticated actors like Scattered Spider and Mustang Panda. While every release of the findings is a significant event for the security community, this year’s evaluation highlights both new and recurring concerns for security professionals.
Read Post
levelblue

Secure What's Next: How a World-Class MSSP Builds Trust and Scale for 2026

Jan 13, 2026 By LevelBlue In LevelBlue
Jesse Emerson, Chief Product Officer at LevelBlue, the world’s largest pure-play Managed Security Service Provider (MSSP), recently sat down to answer a few questions about what makes an MSSP a valuable client resource and how he sees the MSSP’s role changing in the coming year.
Read Post
Feroot

HIPAA Compliance for Pharmaceutical Websites, Portals, and Mobile Apps

Jan 13, 2026 By Feroot In Feroot
If you operate pharmaceutical websites, portals, adherence tools, or patient support platforms, client-side execution is part of your compliance surface. Analytics, pixels, chat interfaces, and third-party libraries stop being neutral once they run alongside condition-specific content, authenticated access, or patient-initiated actions. At that point, they participate in disclosure. OCR’s clarification on tracking technologies did not create new obligations.
Read Post
Feroot

Why Content Security Policy Fails PCI 6.4.3 (And What QSAs Accept Instead)

Jan 13, 2026 By Feroot In Feroot
Content Security Policy looks like it was designed for PCI Requirement 6.4.3. You define which domains can load scripts on your payment page, the browser enforces it, and unauthorized code gets blocked. For teams drowning in third-party JavaScript, CSP feels like the obvious answer. Then you get to your audit, and the QSA starts asking questions CSP can’t answer.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.