Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why most SOCs are failing (and how to fix them) with Alec Fenton from Foresite Cybersecurity [274]

Dec 10, 2025 By LimaCharlie In LimaCharlie
On this episode of The Cybersecurity Defenders Podcast we speak with Alec Fenton, VP of Security Operations at Foresite Cybersecurity about his journey from SOC analyst to security leader. Alec Fenton is a seasoned Cyber Security professional with over 15 years of extensive experience across many IT domains. With a career spanning more than a decade, Alec has honed his expertise in addressing a broad spectrum of cybersecurity challenges, leveraging his analytical prowess and hands-on approach to leadership.
View Video
bitsight

Unsubscribed Doesn't Mean Disconnected: The Persistent Risk of Calendar Domains

Dec 10, 2025 By Emma Stevens In BitSight
We trust our devices to keep our lives organized, from reminders and appointments to birthdays and holidays. But behind that convenience lies an invisible risk. Every time you subscribe to an external calendar, you may be granting an unknown third party the ability to send events directly to your device for as long as the subscription remains active.
Read Post
cato networks

Mitigating Credential Phishing in the Age of AI and Cloud Convergence

Dec 10, 2025 By Dr. Guy Waizel In Cato Networks
Phishing remains one of the most effective methods for stealing credentials and breaching enterprise environments. Despite advanced email and browser protections, attackers now leverage AI, and automation to outpace traditional defenses. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involve the human element, often triggered within seconds of a phishing lure, just 21 seconds to click and 28 seconds to submit credentials.
Read Post

Kubernetes 1.35 Security Changes: cgroup, WebSockets, Image Pull Auth + More

Dec 10, 2025 By Sysdig In Sysdig
It’s December, and Kubernetes 1.35 is almost here - with security changes that can break workloads or access paths if you upgrade unprepared. This video is a fast, practical security edition rundown for security and platform engineers: what changed, why it matters, and what to verify before you roll 1.35 into production. In this video (Kubernetes 1.35 security highlights): If you want a deeper dive, comment with what you’re running today (managed K8s vs self-managed, distro, container runtime, auth setup) and I’ll break down the safest upgrade path.
View Video

Living off the Land - 2025 MITRE ATT&CK Enterprise Evaluations

Dec 10, 2025 By CrowdStrike In CrowdStrike
The 2025 MITRE ATT&CK Enterprise Evaluations tested detecting malicious living-off-the-land attacks while avoiding false positives on legitimate tools. CrowdStrike delivered 100% detection and protection with zero false positives. Adversaries like Mustang Panda weaponize legitimate tools like PowerShell, WinRAR, and curl.exe while these same tools run legitimately across enterprises daily. You can't block these tools without collapsing operations.
View Video

Charlotte AI - 2025 MITRE ATT&CK Enterprise Evaluations

Dec 10, 2025 By CrowdStrike In CrowdStrike
The 2025 MITRE ATT&CK Enterprise Evaluations featured sophisticated cross-domain attacks from Scattered Spider, and CrowdStrike's Charlotte AI proved essential in delivering 100% detection and protection with zero false positives. Charlotte AI accelerated every stage of security operations with Agentic Detection Triage for instant verdicts, Agentic Response that investigates alerts like expert analysts, and command-line analysis in plain language.
View Video
knowbe4

Report: Phishing Has Surged 400% Year-Over-Year

Dec 10, 2025 By KnowBe4 Team In KnowBe4
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts. “The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data,” the researchers write.
Read Post
apono

Better Together: Apono and 1Password Join Forces to Deliver Secure, Just-in-Time Access to Secrets

Dec 10, 2025 By Ben Avner In Apono
We’re excited to announce Apono integration with 1Password to help organizations control, automate, and audit access to sensitive credentials and secrets bringing stronger security and smoother operations to teams everywhere. This new integration enables customers to enforce Zero Standing Privileges (ZSP) and provision Just-in-Time (JIT) and just-enough access (JEA) to secrets stored in 1Password Enterprise Password Manager through Apono’s automated access flows.
Read Post
Online IQ Testing in the Age of Cybersecurity

Online IQ Testing in the Age of Cybersecurity

Dec 10, 2025 By SecuritySenses In SecuritySenses
As more psychological and cognitive assessments move online, questions about data security, privacy, and trust have become just as important as test accuracy. From personality tests to intelligence assessments, users are increasingly cautious about where they enter personal information and how that data is handled.
Read Post
Hybrid Work Risks That Start in the Office: What Companies Often Overlook

Hybrid Work Risks That Start in the Office: What Companies Often Overlook

Dec 10, 2025 By SecuritySenses In SecuritySenses
Hybrid work has become a defining part of modern business, yet many companies underestimate the extent to which risk originates in the physical workspace. Employees move between home and office with new expectations, and the environment they return to often shapes their performance more than policies do. Rooms that once supported predictable routines now carry a different emotional weight, influencing how people communicate, collaborate, and settle into their day.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.