Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cycognito

Emerging Threat: (CVE-2026-29145) Apache Tomcat Authentication Bypass

Apr 20, 2026 By Igal Zeifman In CyCognito
CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.
Read Post
1Password

What we learned using AI agents to refactor a monolith

Apr 20, 2026 By Nancy Wang, Wayne Duso, K.J. Valencik In 1Password
AI agents are increasingly used to refactor large codebases, but many teams lack a clear understanding of where they succeed and where they fail. At 1Password, we applied agentic tooling to a multi-million-line Go monolith, and in this blog we'll share what worked, what broke, and what it means for teams adopting AI in production systems.
Read Post
Arctic Wolf

Introducing Decipio: A Community Tool to Catch Credential Theft in the Act with Defense First AI

Apr 20, 2026 By Ismael Valenzuela In Arctic Wolf
Today, Arctic Wolf is announcing Decipio, a new community‑shared cybersecurity tool designed to help defenders catch attackers while they’re trying to steal credentials inside a network. Credential theft is one of the most common ways cyber attacks begin and one of the hardest to detect early. In many cases, there’s no alert, no obvious warning, and no immediate sign that anything is wrong.
Read Post
outpost 24

AI Penetration Testing: Protecting LLMs From Cyber Attacks

Apr 20, 2026 By David Ketler In Outpost 24
88% of organizations now regularly use artificial intelligence (AI) in at least one business function. While adoption of AI technologies has accelerated rapidly, security measures often lag. The rush to roll out AI has, in many cases, overshadowed essential testing and safety protocols. This is particularly a worry when AI and Large Language Models (LLMs) become deeply embedded within organizational workflows and systems in a way that most software isn’t.
Read Post

Why AI Security Needs More Than One Tool #shorts #ai

Apr 20, 2026 By Protecto In Protecto
Why AI security needs more than one tool Most teams believe a single cybersecurity tool—like WAF, EDR, or API security—is enough to protect their AI systems. But that approach is outdated. AI security is not one layer—it’s a full stack problem. Discovery – Identify Shadow AI and unknown AI usage Build-Time Security – Prevent data poisoning & model risks (MLSecOps) Runtime Security – Stop real-time AI attacks and agent misuse Governance (AISPM) – Ensure visibility, compliance, and policy control.
View Video
apono

The Hims Data Breach: What Standing Access Costs in Healthcare

Apr 20, 2026 By Gabriel Avner In Apono
Hims & Hers, one of the biggest telehealth platforms in the U.S., just disclosed that millions of customer records were exposed. Not because of some sophisticated exploit, but because a single compromised login had standing access to a connected platform. One identity was all it took. This breach is worth paying attention to not because it’s unusual, but because it’s so ordinary.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.