Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

levelblue

Defining and Defending Against a Zero Day Attack

Dec 2, 2025 By LevelBlue In LevelBlue
Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.
Read Post

Ep 21: How to start a threat program

Dec 2, 2025 By Sumo Logic, Inc. In Sumo Logic
In this Masters of Data episode, we welcome back Chas Clawson to discuss building effective threat hunting programs from the ground up. We explore the difference between proactive threat hunting and detection engineering, emphasizing how AI tools are making sophisticated security operations accessible to teams of any size. We cover practical approaches, such as prioritizing threats based on business risk, creating feedback loops between red and blue teams, and measuring success through meaningful metrics rather than vanity numbers.
View Video
memcyco

Why Account Takeover Is a CX Problem, Not Just a Security One

Dec 2, 2025 By Julian Agudelo In Memcyco
Account takeover is usually and unsurprisingly approached as a security incident, yet much of the customer impact begins earlier in the journey, long before security teams detect or analyse the event. When users face friction, lockouts, or unexpected changes to their accounts, trust starts to erode. This makes the account takeover impact on customer experience a major determinant of brand trust and loyalty.
Read Post
miniorange

What is VoIP and How Does it Work?

Dec 2, 2025 By Puja More In miniOrange
Your phone rings. The number looks local, even familiar - so you answer. But within seconds, you're being asked to “verify your bank account” or “reset your login credentials.” Sounds suspicious? It is. That call likely came from a VoIP number, which is not a regular phone line. VoIP (Voice over Internet Protocol) lets anyone make calls over the internet, not just through mobile networks or landlines.
Read Post
cyberhaven

How Generative AI is Changing the DLP Landscape

Dec 2, 2025 By Bruce Chen In Cyberhaven
Generative AI has revolutionized productivity, but it has also introduced a new class of data risk that legacy DLP tools simply can’t see. From engineers pasting source code into ChatGPT to marketers rewriting strategy docs, sensitive IP is leaving the browser through "Shadow AI" channels daily. Learn why traditional pattern matching fails against LLMs and how a data lineage approach secures AI usage without halting innovation.
Read Post
mend

Mend.io + Wiz: A New Code-to-Cloud Integration for Accurate, Context-Driven Risk Prioritization

Dec 2, 2025 By Tiffany Jennings In Mend
Today, we’re excited to announce the availability of Mend.io’s new integration with Wiz, delivering a powerful Code-to-Cloud security workflow for joint customers. By bringing Mend SAST’s high-accuracy code findings directly into the Wiz platform, organizations can now unify code-level risks with cloud posture, runtime context, identities, and infrastructure—unlocking the complete picture needed to prioritize and remediate risk with confidence.
Read Post
teramind

The 9 Best Endpoint Security Solutions

Dec 2, 2025 By Teramind In Teramind
Endpoint security solutions are specialized software designed to protect endpoint devices like computers, mobile phones, and tablets from cyber threats. These solutions prevent, detect, and respond to attacks by managing the security of these devices across the network. But with so many different endpoint security solutions available in the market, how can you know which is the right fit for your endpoint security strategy?
Read Post

Your SaaS Integrations are Leaking Sensitive Data - Salesloft /Salesforce incident #aws #apisecurity

Dec 2, 2025 By Wallarm In Wallarm
The Salesloft/Salesforce incident revealed the danger of BLA 5: Artifact Lifetime Exploitation. The flaw is simple: the application fails to expire tokens and sessions properly. Stolen OAuth tokens that should have been short-lived were used to steal AWS keys, Snowflake tokens, and passwords. Key Takeaway: If an artifact is meant to be short-lived (a token, a session, a temporary file), it must be retired immediately upon expiration. Rotate your keys aggressively!
View Video
vanta

The Australian startups guide to ISO 27001

Dec 2, 2025 By Vanta In Vanta
Not sure whether your Aussie startup needs to obtain an ISO 27001 certification? ISO 27001 isn’t legally required, but if you plan on trading internationally or have potential customers who are international, many organisations won’t even open conversation with you if you don’t have an ISO 27001 certification. ‍ To put a long story short: if you collect, store, transmit, or process data in any way, you may want to consider it.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.