Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials

Dec 4, 2025 By KnowBe4 Threat Lab In KnowBe4
Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employees’ Microsoft 365 credentials. The campaign has been engineered to bypass traditional email security defenses, such as secure email gateways (SEGs), and multi-factor authentication (MFA) tools.
Read Post
knowbe4

Report: Sophisticated Fraud Attacks Are on the Rise

Dec 4, 2025 By KnowBe4 Team In KnowBe4
Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsub’s latest Identity Fraud Report. “hile the volume of attacks remains staggering, the nature of fraud is shifting,” the researchers write.
Read Post
mend

From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications

Dec 4, 2025 By Tom Abai In Mend
On December 3, 2025, the React team disclosed CVE-2025-55182, a critical remote code execution vulnerability in React Server Components. The flaw carries a CVSS score of 10.0, the maximum severity rating. What makes this vulnerability particularly dangerous is its simplicity: attackers only need to send a single crafted HTTP request to gain complete control over vulnerable servers. No authentication required. No complex exploit chains. Just one malicious request.
Read Post
nightfall

Why Customer Support Teams Need Modern DLP for Zendesk

Dec 4, 2025 By Anant Mahajan In Nightfall
Customer support teams face an impossible paradox: they need to help customers quickly, but customers routinely share sensitive information that creates compliance risks and security exposure. Credit card numbers pasted into chat. Driver's licenses attached to verification tickets. Medical records uploaded to troubleshoot healthcare apps. Social security numbers submitted through web forms. Traditional DLP wasn't built for this reality.
Read Post
WatchGuard

How Firebox and FireCloud Boost Security in Hybrid, Distributed Environments

Dec 4, 2025 By Sam Manjarres In WatchGuard
A few weeks ago, a cyberattack shut down operations at the Japanese brewery Asahi, disrupting its supply chain and affecting product availability across the country. Incidents like these often take advantage of the complexity of distributed infrastructures, where insufficient segmentation between OT (Operational Technology) and IT (Information Technology) environments lets threats spread laterally uncontrolled.
Read Post
veracode

The New AppSec Reality: AI Anxiety, Silent Flaws, and Supply Chains

Dec 4, 2025 By Joe Ariganello In Veracode
We recently published a series of polls across our social channels to get a pulse on some of today’s application security concerns with AI. These recent conversations with our community reveal a clear and urgent shift in the application security landscape. Results show that while established challenges like software supply chain security remain top of mind, the rapid pace of AI has created a new center of gravity for anxiety.
Read Post
apono

7 Tips for Just-in-Time Privileged Access Management You Need to Implement Today

Dec 4, 2025 By The Apono Team In Apono
Managing access can become tedious and clunky. Someone always ends up with too much power, someone else is locked out when something’s on fire, and no one remembers who approved what in the first place. It’s the slow creep of “we’ll fix it later.” However, that “later” is catching up.
Read Post

Quick Start Guide for ggshield, the GitGuardian CLI

Dec 4, 2025 By GitGuardian In GitGuardian
Get up and running with ggshield, the GitGuardian CLI, in just a few minutes by installing it, authenticating, and running your first secrets scan. This quick-start video shows you how to scan individual files and entire projects, then lock in protection with a pre-commit Git hook to keep secrets out of your commits.
View Video

Episode 3 - Network Visibility in the Cloud: Why Network Traffic Analysis Remains Critical

Dec 4, 2025 By Corelight In Corelight
Richard Bejtlich discusses cloud security from a network-centric perspective with Corelight's cloud security researcher, David Burkett. They explore why monitoring network traffic remains essential in cloud environments, despite the presence of native security features offered by cloud providers. David highlights common threats such as container compromises, coin miners, and supply chain attacks, emphasizing the value of traffic visibility for detecting unusual behaviors and breaches.
View Video
Tines

SOAR in the AI era: How SAP uses intelligent workflows to build an AI SOC

Dec 4, 2025 By Thomas Kinsella In Tines
SOAR was created to help security teams work faster and more consistently by automating and orchestrating core security operations. It has always had to adapt to new and evolving technologies, but our current AI era has brought about a turning point. As cloud environments scale, manual playbooks can’t keep up. Now, it’s not enough to automate. We need systems that can understand the context they’re running in and adapt accordingly.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.