Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Nx npm Malware Explained: AI Agent Hijacking

Aug 28, 2025 By Snyk In Snyk
Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and exfiltrate sensitive data to public GitHub repos named “s1ngularity-repository-*.” We break down what happened, affected versions, and how to check + respond (rotate credentials, hunt IoCs, and more). Resources.
View Video
safebreach

Countering Chinese State-Sponsored Espionage Campaigns: SafeBreach Coverage for CISA Advisory AA25-239A

Aug 28, 2025 By SafeBreach In SafeBreach
In August 2025, a joint Cybersecurity Advisory (CSA) was issued by CISA, NSA, FBI, and allied cybersecurity agencies across the Five Eyes, EU, and partner nations. This advisory details a long-term espionage campaign by People’s Republic of China (PRC) state-sponsored actors—linked to companies supporting the Ministry of State Security (MSS) and People’s Liberation Army (PLA).
Read Post
safebreach

NIS2: Why Europe's New Cyber Directive is a Blueprint for True Cyber Resilience

Aug 28, 2025 By Tova Dvorin In SafeBreach
A new cybersecurity reality has taken shape across Europe: the European Union’s updated Network and Information Security Directive (also known as NIS2) went into effect in January 2025. This sweeping regulation expands the cybersecurity obligations of thousands of organizations in critical sectors from energy and transport to healthcare, finance, cloud and data centers. Much like the Digital Operational Resilience Act (DORA) in the financial world, NIS2 isn’t just another compliance checkbox.
Read Post
appknox

Mobile App Authentication Best Practices: MASVS-AUTH Compliance Guide

Aug 28, 2025 By Vinay Kumar Rasala In Appknox
In our increasingly interconnected world, mobile applications have become indispensable tools for accessing a vast array of services and sensitive data. This post provides an in-depth exploration of mobile application authentication, grounded in the OWASP Mobile Application Security Verification Standard (MASVS), with a particular focus on MASVS-AUTH.
Read Post
Trustwave

Unraveling Phishing Campaigns Flagged by Trustwave's URL Scanner

Aug 28, 2025 By Karla Agregado In Trustwave
In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. The use of URL redirectors, along with the abuse of Amazon Web Hosting and Cloudflare services, was also widely observed. Trustwave operates a URL-scanning system that we call PageML.
Read Post
gitprotect

Why Back Up Microsoft 365?

Aug 28, 2025 By Miłosz Jesis In GitProtect
Any tool that is crucial for your daily operations – from Microsoft Teams or emails to OneDrive files – needs backup and reliable restore strategies. This way, you support the business continuity, compliance efforts, credibility, and overall security stance of your business. Keep in mind – without a well-thought-out backup strategy, you are risking being exposed to: Let’s take a closer look at aspects affecting your Microsoft 365 data.
Read Post
signmycode

Top 10 Code Signing Tools for Developers

Aug 28, 2025 By SignMyCode In SignMyCode
You’ve built an amazing app. You upload it. A user downloads it. But instead of launching, their system throws a terrifying warning. “The publisher of this app could not be verified.” Trust destroyed. Install abandoned. Reputation at risk. That’s where code signing tools come in and why you can’t afford to skip them.
Read Post

Optimizing the SOC: Leveraging AI and automation for modern threats

Aug 28, 2025 By Tines In Tines
The Security Operations Center (SOC) is the nerve center of an organization's defenses, but its efficiency and effectiveness are often limited by the growing volume and complexity of threats. By leveraging AI-driven threat detection and automated incident response, security leaders can optimize their SOC to respond faster and smarter. For CISOs, this means not only protecting the organization from current threats but also future-proofing defenses against an increasingly sophisticated threat landscape.
View Video

How To Boost Your Internet Security: Simple Steps! #appsec #infosec

Aug 28, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.