Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

Beyond PCI and HIPAA: How Feroot Powers Colorado Privacy Act (CPA) Compliance

Sep 5, 2025 By Feroot In Feroot
If your website or digital app collects, tracks, or sells data from Colorado residents, chances are the Colorado Privacy Act (CPA) applies to you. Like California’s CCPA and Virginia’s VCDPA, the CPA is part of the growing patchwork of state-level privacy laws reshaping how U.S. businesses handle personal data. Yet many companies underestimate the scope of the Colorado Privacy Act—or assume compliance is covered by PCI DSS or HIPAA if they process payments or healthcare data.
Read Post
WatchGuard

Less ransomware, same risk. How can it be prevented?

Sep 5, 2025 By Iratxe Vazquez In WatchGuard
Just because ransomware attacks have decreased doesn’t mean that the risk has disappeared. Indeed, it remains one of the most disruptive threats to any organisation. Headlines can convey a false sense of relief: Ransomware attacks are down 15%, according to Verizon's latest DBIR report. But for those of us who work in cybersecurity, we know that this doesn't tell the whole story, especially when the real issue isn't how often an attack occurs, but what happens when it does.
Read Post
gitguardian

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

Sep 5, 2025 By Gaetan Ferry In GitGuardian
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
Read Post

Catch Bugs Early: Dynamic Scanning & the Cake Analogy Explained #cybersec

Sep 5, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

The MemcycoFM Show: Episode 15 - Remote Access Scams: The Hidden ATO Threat Security Teams Miss

Sep 5, 2025 By Memcyco In Memcyco
Remote access scams are social engineering attacks where fraudsters convince users to install or open remote desktop tools like TeamViewer or AnyDesk. Once inside, they hijack login flows, harvest credentials, and often bypass MFA — opening a hidden path to account takeover (ATO). These scams are rising fast, exploiting customer trust and evading traditional fraud controls. In this guide, we’ll break down how these scams work, why they’re so effective, and how security teams can detect and disrupt them — in real time, before ATO occurs.
View Video
memcyco

Remote Access Scams: How to Stop Them (and Why Security Teams Miss the Risk)

Sep 5, 2025 By Kate Cox In Memcyco
Remote access scams are social engineering attacks where fraudsters convince users to install or open remote desktop tools like TeamViewer or AnyDesk. Once inside, they hijack login flows, harvest credentials, and often bypass MFA, opening a hidden path to account takeover (ATO). These scams are rising fast, exploiting customer trust and evading traditional fraud controls.
Read Post
lookout

The Double-Edged Sword: Benefits and Risks of AI Transformations

Sep 5, 2025 By Lookout In Lookout
Over the past few years, artificial intelligence (AI) has transformed millions of organizations worldwide. AI can automate rote tasks, facilitate natural-language interfaces, and pick up subtle patterns in huge data sets. It can also hallucinate wrong answers, reinforce societal biases, and even introduce cybersecurity risks. Before incorporating the technology into their workflows, responsible organizations must weigh the benefits and risks of AI.
Read Post
knowbe4

Smishing Campaign Targets California Taxpayers With Phony Refund Offers

Sep 5, 2025 By KnowBe4 Team In KnowBe4
The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports. The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information.
Read Post
knowbe4

Advanced Educational Competition - Ask Your Employees To Submit Their Best Phishing

Sep 5, 2025 By Roger Grimes In KnowBe4
I occasionally get human risk management (HRM) administrators asking me to help them with ideas of “contests” to better educate their end-users. They have usually done the traditional recommendations, which means at least monthly-to-weekly security awareness training (SAT) and simulated phishing. They are working to educate their end-users about social engineering and phishing attacks as best as they can without being overly annoying.
Read Post
knowbe4

Warning: New Spear Phishing Campaign Targets Executives

Sep 5, 2025 By KnowBe4 Team In KnowBe4
Researchers at Stripe warn of a wave of spear phishing attacks targeting C-suite employees and senior leadership across a wide range of industries. The emails pose as OneDrive document-sharing notifications with subject lines like “Salary amendment” or “FIN_SALARY.” If a user clicks the link, they’ll be taken to a spoofed Microsoft Office/OneDrive login page designed to steal their credentials.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.