Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Introducing System Prompt Hardening: production-ready protection for system prompts

Today, we’re launching System Prompt Hardening, Mend.io’s new capability that defends the hidden instructions that control how your AI systems behave. Unlike user-facing prompts, system prompts live behind the scenes, and when attackers manipulate them, the result can be data leaks, policy bypasses, or unsafe model behavior. System prompt hardening stops those attacks at the source and gives security, engineering, and risk teams a practical, auditable way to secure AI in production.

Deepfakes, Fraud And The New Reality Of Trust

We explore how deepfakes move from petty revenge and fake intimate content to multimillion-dollar fraud, synthetic colleagues on calls and cloned voices at the helpdesk. Viewers hear how easy these tools are to use, how validation habits need to change, and why both the public and security teams must rethink what they trust. ⸻ For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

The £2 Million Reason Your CISO Needs Power

Major incidents demand rapid hiring, outside support and big spends within hours, not after weeks of approvals and budget meetings. Strong incident response gives security leaders pre-agreed authority to sign contracts and access funds, so they bring in hundreds of specialists at speed instead of watching the breach spread.

Business Continuity for Law Firms: Protecting Billable Hours and Court Deadlines

Law firm economics are unforgiving. According to the Clio Legal Trends Report, the average attorney bills only 2.5 hours per 8-hour workday. When IT systems fail, that already-thin margin disappears entirely. Consider a 20-attorney firm with average billing rates of $350 per hour.

Signature Verification Bypass in Authlib (CVE-2026-28802): What Cloud Security Teams Need to Know

OAuth and OpenID Connect are the backbone of modern cloud-native identity and access management. From SaaS platforms and internal APIs to Kubernetes microservices, these protocols are responsible for verifying who is allowed to access what. When a vulnerability appears in a widely used authentication library, the impact can cascade across entire application ecosystems.

Measure and Manage Cloud Identity Risk with CyberArk Cloud Discovery Service

Most security teams cannot confidently answer a simple question: who has access to which cloud resources right now? Human identities and accounts now span across thousands of services, subscriptions, and SaaS platforms. The result is a vast, decentralized environment riddled with “unknown unknowns” that security teams cannot fully map, and that traditional security controls weren’t designed to address. Attackers count on these identity blind spots.

Identity governance gaps: How AI profiles move security beyond the label

If your identity governance program feels like a relic from a simpler time, you’re not alone. Traditional identity governance and automation (IGA) was built for a world where job titles told the whole story. A software engineer was a software engineer; a sales rep was a sales rep. Assigning access was intended to be as simple as slotting people into predefined roles.

Proving CCPA Compliance: Logs, Reports, and Runtime Evidence

CCPA used to audit your policies and paperwork. Then came the Sephora settlement, and things moved to logs, runtime, and network reports. The company’s privacy policy said it didn’t sell consumer data. California’s AG ran the site, watched the cookies and pixels fire, and found that in reality, they did. Healthline followed in 2025. Then Disney in 2026. Different companies, common findings. Data gets collected and shared with third parties via tags. GPC gets ignored.

Why SAQ-A-EP Fails Without Client-Side Script Monitoring

In 2024, Recorded Future’s Fraud Intelligence Report found over 11,000 e-commerce domains actively running payment page skimmers, a nearly 300% increase from the year before. The majority of those merchants had no client-side monitoring in place. Most of them were processing payments through legitimate, PCI-certified processors. Some of them were almost certainly SAQ-A-EP merchants who believed their processor’s compliance covered their risk. It doesn’t.

Third-Party BAA Checklist: HIPAA Requirements for Website Technology Vendors

For most of HIPAA’s history, PHI moved through known systems, between known parties, for known reasons. You provisioned access and audited behavior. The data flows remained observable, and so did the vendor relationships built around them. EHR vendors, billing platforms, and transcription services: you knew what each one touched because you handed it to them. Then the website became part of the care journey. With it came appointment schedulers, symptom checkers, patient portals, and intake forms.