Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kubernetes 1.35 Security Changes: cgroup, WebSockets, Image Pull Auth + More

Dec 10, 2025 By Sysdig In Sysdig
It’s December, and Kubernetes 1.35 is almost here - with security changes that can break workloads or access paths if you upgrade unprepared. This video is a fast, practical security edition rundown for security and platform engineers: what changed, why it matters, and what to verify before you roll 1.35 into production. In this video (Kubernetes 1.35 security highlights): If you want a deeper dive, comment with what you’re running today (managed K8s vs self-managed, distro, container runtime, auth setup) and I’ll break down the safest upgrade path.
View Video

Living off the Land - 2025 MITRE ATT&CK Enterprise Evaluations

Dec 10, 2025 By CrowdStrike In CrowdStrike
The 2025 MITRE ATT&CK Enterprise Evaluations tested detecting malicious living-off-the-land attacks while avoiding false positives on legitimate tools. CrowdStrike delivered 100% detection and protection with zero false positives. Adversaries like Mustang Panda weaponize legitimate tools like PowerShell, WinRAR, and curl.exe while these same tools run legitimately across enterprises daily. You can't block these tools without collapsing operations.
View Video

Charlotte AI - 2025 MITRE ATT&CK Enterprise Evaluations

Dec 10, 2025 By CrowdStrike In CrowdStrike
The 2025 MITRE ATT&CK Enterprise Evaluations featured sophisticated cross-domain attacks from Scattered Spider, and CrowdStrike's Charlotte AI proved essential in delivering 100% detection and protection with zero false positives. Charlotte AI accelerated every stage of security operations with Agentic Detection Triage for instant verdicts, Agentic Response that investigates alerts like expert analysts, and command-line analysis in plain language.
View Video
knowbe4

Report: Phishing Has Surged 400% Year-Over-Year

Dec 10, 2025 By KnowBe4 Team In KnowBe4
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts. “The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data,” the researchers write.
Read Post
apono

Better Together: Apono and 1Password Join Forces to Deliver Secure, Just-in-Time Access to Secrets

Dec 10, 2025 By Ben Avner In Apono
We’re excited to announce Apono integration with 1Password to help organizations control, automate, and audit access to sensitive credentials and secrets bringing stronger security and smoother operations to teams everywhere. This new integration enables customers to enforce Zero Standing Privileges (ZSP) and provision Just-in-Time (JIT) and just-enough access (JEA) to secrets stored in 1Password Enterprise Password Manager through Apono’s automated access flows.
Read Post
Online IQ Testing in the Age of Cybersecurity

Online IQ Testing in the Age of Cybersecurity

Dec 10, 2025 By SecuritySenses In SecuritySenses
As more psychological and cognitive assessments move online, questions about data security, privacy, and trust have become just as important as test accuracy. From personality tests to intelligence assessments, users are increasingly cautious about where they enter personal information and how that data is handled.
Read Post
Hybrid Work Risks That Start in the Office: What Companies Often Overlook

Hybrid Work Risks That Start in the Office: What Companies Often Overlook

Dec 10, 2025 By SecuritySenses In SecuritySenses
Hybrid work has become a defining part of modern business, yet many companies underestimate the extent to which risk originates in the physical workspace. Employees move between home and office with new expectations, and the environment they return to often shapes their performance more than policies do. Rooms that once supported predictable routines now carry a different emotional weight, influencing how people communicate, collaborate, and settle into their day.
Read Post
kovrr

Transforming AI Risk Awareness Into Measurable AI Governance

Dec 9, 2025 By Kovrr In Kovrr
Only a few years ago, after more than a decade of debate over how cybersecurity incidents affect the financial stability of public companies, the U.S. Securities and Exchange Commission (SEC) finally made cyber risk disclosure a formal requirement. The intent was to bring transparency and accountability to a category of risk that had long been treated as technical rather than financial. Now, albeit voluntarily, AI has entered that same conversation, but the speed of its arrival has been remarkable.
Read Post
teramind

How AWS WorkSpaces & Teramind Enhance Workforce Intelligence

Dec 9, 2025 By Teramind In Teramind
Teramind, an ISV Accelerate AWS Partner, delivers a crucial layer of visibility, security, and productivity management that highly complements the Amazon WorkSpaces Family services. This partnership ensures customers move beyond the architectural security and agility provided by AWS to gain granular control over user behavior, insider risk, and operational efficiency within their virtual desktop infrastructure (VDI).
Read Post
1Password

The role of credentials in the AI espionage campaign reported by Anthropic

Dec 9, 2025 By Anand Srinivas In 1Password
Anthropic recently announced that the company has disrupted the first reported AI-orchestrated cyber espionage campaign. This attack used Claude Code to automate many steps, with AI handling up to 90% of the tasks, including web searches and the autonomous writing of exploit code. The attackers bypassed Claude’s guardrails by breaking each step into small tasks and role-playing as a red team member.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.