Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Black Hat Asia 2026: Everything from cat feeders to solar farms

Jun 10, 2026 By Ben Reardon In Corelight
There is a saying you will hear from veterans in the Black Hat Network Operations Center (NOC): “Threat hunting on the Black Hat network is like trying to find a needle in a stack of needles." With dozens of training classes running live exploit chains, capture-the-flag traffic, and researchers probing every corner of the internet, our Corelight sensors generate a rich set of Zeek logs, many of which can look suspicious in varying degrees.
Read Post
aikido

Code is being written everywhere, and the device is the only constant

Jun 10, 2026 By Nicholas Thomson In Aikido
This post is based on Mackenzie's conversation with James Hawkins on The Secure Disclosure podcast. Listen to the full episode or watch below. PostHog's engineering team is merging roughly as many pull requests through Slack as through their code editor. As James Hawkins, co-founder and co-CEO of PostHog, explains on the podcast, the shift towards dispersed coding interfaces is underway. "Why are code editors all desktop apps right now? That's a relic of the past.
Read Post
aikido

SBOMs in 2026: Everyone's generating them, no one's using them

Jun 10, 2026 By Jens Gellynck In Aikido
ENISA just published its SBOM Adoption State of Play 2026, based on a survey of 334 organizations (65% EU-based, 80% directly impacted by the Cyber Resilience Act (CRA)). It is the clearest snapshot yet of where the industry stands on software supply chain transparency, and the picture is more nuanced than "everyone's on board." Here's what stood out.
Read Post
knowbe4

Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern

Jun 10, 2026 By KnowBe4 Team In KnowBe4
Cyberattacks are now the top concern of leading CEOs, overtaking fears over geopolitical turmoil or inflation, the Wall Street Journal reports. A survey by the Conference Board and the Business Council found that 65% of CEOs at blue-chip companies cited cyberattacks as their top worry in the second quarter of 2026, an increase from 56% in Q1 2026.
Read Post
knowbe4

A Look at Spam vs. Phishing: 4 Key Differences

Jun 10, 2026 By KnowBe4 Team In KnowBe4
Spam and phishing are often used interchangeably in email security, but they serve distinct purposes and carry varying levels of risk. Understanding the difference between spam vs. phishing helps organizations better recognize threats and respond appropriately. This guide breaks down how spam and phishing differ, how to identify each, and what steps organizations can take to reduce risk.
Read Post
knowbe4

KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards

Jun 10, 2026 By KnowBe4 Team In KnowBe4
We’re proud to share that KnowBe4 has once again been recognized as a leader in cybersecurity, receiving six 2026 TrustRadius Top Rated Awards across our platform. These awards are especially meaningful because they’re based entirely on customer feedback—making them a direct reflection of how our customers view the value and impact of our partnership.
Read Post

Ep. 62 - Zero Trust Breaks Against MCP: Why "Verified" No Longer Means Safe

Jun 10, 2026 By SafeBreach In SafeBreach
Most enterprises assume their Zero Trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP)—and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls.
View Video

A Fake MCP Server Just Exposed Your WhatsApp History

Jun 10, 2026 By SafeBreach In SafeBreach
A security researcher introduced a malicious MCP server into an environment that already had a legitimate WhatsApp integration—and watched it silently expose message history without any user approval. The technique is called a rug pull. The server advertised one behavior at installation. On second usage, it switched to something else entirely. The approval was real. The thing you approved was not. This is what trust decay looks like in practice—and it passes every classical security check.
View Video

One Poisoned AI Agent Hijacks Your Entire Pipeline #aiagents #mcp #zerotrust

Jun 10, 2026 By SafeBreach In SafeBreach
In a multi-agent AI workflow, one agent's output becomes the next agent's input. That's the design. It's also the attack surface. Researchers have demonstrated that a single poisoned output can cascade across an entire pipeline — triggering unauthorized behavior, data exfiltration, and control flow hijacking across chained MCP processes. The attack class is called toxic flows. And every one of them passes classical zero trust checks.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.