Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cycognito

Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass

Apr 23, 2026 By Igal Zeifman In CyCognito
CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.
Read Post
Zenity

The Vendor to Beat, Built Before the Category Had a Name

Apr 23, 2026 By Ben Kliger In Zenity
A few years ago, we made a call that most of our industry was not ready to hear. AI agents were going to become the primary way enterprises get work done. Not as a concept, not as a research project, but as the operational reality of how the modern business runs. And the security infrastructure being built around them was designed for something fundamentally different. Prompt filtering. Model safety. Input guardrails.
Read Post
Snyk

Hardcoding Security into Every Commit: The Future of Snyk Secrets

Apr 23, 2026 By Kate Powers Burke In Snyk
In the modern software development lifecycle, the speed of innovation is often at odds with the security of our most sensitive data. As organizations embrace cloud-native development and AI-generated code, they face a phenomenon known as “secret sprawl”, aka, the uncontrolled and widespread distribution of API keys, passwords, and tokens across repositories, CI/CD logs, and developer collaboration tools.
Read Post
Snyk

JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?

Apr 23, 2026 By John Carione In Snyk
JPMorganChase's Global Technology Leadership published "Fortifying the enterprise: 10 actions to take now for AI-ready cyber resilience" on April 17, 2026. It's a CISO mandate for every large enterprise. Snyk directly addresses 8 of those 10 actions — out of the box, in the developer workflow, with one platform.
Read Post

How to scan your code bases using AI for vulnerabilities with Jeff McJunkin

Apr 23, 2026 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as Jeff McJunkin, Founder of Rogue Valley Information Security, walks through how he built an AI-powered pipeline to scan large codebases for real, exploitable vulnerabilities, using the Linux kernel as his proving ground. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video

Unexpected hurdles creating U.S. cyber policies

Apr 23, 2026 By LimaCharlie In LimaCharlie
The early days of U.S. cyber policy were defined by agencies that had no common language and no playbook to follow. J. Michael Daniel, President and CEO of Cyber Threat Alliance and former White House cybersecurity coordinator, talks through what it actually took to coordinate cyber policy across the federal government, build public-private partnerships that work, and stand up an intelligence sharing organization that serves the entire cybersecurity industry.
View Video
nakivo

How to Protect Backups from Ransomware with NAKIVO's Malware Scan

Apr 23, 2026 By NAKIVO Team In NAKIVO
Backups have become a primary target for ransomware. Hackers want to ensure that companies pay the ransom by not allowing them to recover their data independently. With NAKIVO Backup & Replication, you get several features (for example, immutable backup targets) to ensure that once created, a backup cannot be infected or corrupted with a new ransomware infection.
Read Post
gitprotect

How We Prevented a Critical Jira Data Loss Incident (and So Can You)

Apr 23, 2026 By Łukasz Dydek In GitProtect
As daily Jira users, the GitProtect Team experiences the platform’s pros and cons firsthand. A recent notification from Atlassian about data loss was a sharp reminder of digital fragility. Without GitProtect, our enterprise-grade backup solution, the loss could potentially turn into a critical data incident. Let’s see what happened and how we responded.
Read Post
aikido

Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm

Apr 23, 2026 By Ilyas Makari In Aikido
Version 2026.4.0 of the widely-used @bitwarden/cli npm package (78,000 weekly downloads) has been identified as malicious. The package contains a sophisticated multi-stage credential theft worm that explicitly names itself "Shai-Hulud: The Third Coming", a direct callback to previous Shai-Hulud supply chain campaigns, and targets developer credentials including SSH keys, cloud secrets, and even MCP configuration files.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.