Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

aikido

Aikido Attack finds multiple 0-days in Hoppscotch

Apr 8, 2026 By Robbe Verwilghen In Aikido
Hoppscotch is an open-source API development ecosystem, similar to Postman, with over 100,000 monthly users. Two weeks ago, we set up a self-hosted instance and ran our AI pentest agents against it. They found two high-severity vulnerabilities and one medium-severity vulnerability, all present in versions up to and including 2026.2.1, and all patched in 2026.3.0: All three were responsibly disclosed and have been resolved. Note: We accidentally grouped the XSS and an Access Control issue into one report.
Read Post
nakivo

How to Back Up Microsoft 365 to AWS: A Comprehensive Guide

Apr 8, 2026 By NAKIVO Team In NAKIVO
Microsoft 365 services are productive and reliable, but data loss can occur for various reasons. For example, a user may accidentally delete data or a ransomware infection may spread from local computers whose folders are synchronized with the cloud storage. Thus, Microsoft 365 backup is important for data protection and business continuity. With backups, you can recover the needed data and ensure uninterrupted workflows.
Read Post
teramind

How to Handle AI Policy Enforcement in the Era of Shadow AI

Apr 8, 2026 By Teramind In Teramind
Here’s the reality most security teams are already living: over 80% of employees are using unapproved AI tools at work, and nearly half are actively hiding it from IT. The question facing every organization is no longer whether to adopt artificial intelligence — it’s how to secure the sensitive data flowing into it every single day. This is the governance gap.
Read Post

Stop Drowning in Container CVE Alerts: Reachable Risk & Docker VEX with Mend.io

Apr 8, 2026 By Mend In Mend
Developers are often overwhelmed by thousands of container CVE alerts, most of which are unfixable base image noise. This walk-through covers how to use reachable risk factors and Docker VEX statements within the Mend.io platform to streamline your vulnerability management.
View Video

Public infrastructure protection depends on analysts with Mike Hamilton, PISCES International [308]

Apr 8, 2026 By LimaCharlie In LimaCharlie
Michael Hamilton, Chief Technology Officer at PISCES International, joins us to discuss the benefits of providing real world experience to students while they protect existing public infrastructure. The resilient future of local government security rests in our ability to adapt to changing threats and adopt new technologies, including AI.
View Video

Full SOC Operations with Claude Code: Fork, Install and Run Agents

Apr 8, 2026 By LimaCharlie In LimaCharlie
After RSAC, one thing was clear: security teams don't want a black box AI SOC product and they want to go beyond triage and co-pilots. They want infrastructure they can control, extend, and own. LimaCharlie runs composable AI agents built on real SecOps infrastructure, in production. Our open-source AI triage agents are designed as self-contained, installable units, each with defined scope, permissions, and behavior. Join Maxime Lamothe-Brassard, CEO and Founder, as he walks through the architecture and runs live demonstrations inside the Agentic SecOps Workspace.
View Video

Ep. 53 - The Dragon's Shadow: China's Silent Cyber War Has Already Begun

Apr 8, 2026 By SafeBreach In SafeBreach
What if the next cyberattack doesn’t steal your data…but quietly prepares to break your infrastructure? In this premiere episode of our series on Chinese threat actors, we uncover how China transformed from noisy, smash-and-grab hackers into the world’s most sophisticated cyber power—one focused not just on espionage, but on pre-positioning inside critical infrastructure. Through a chilling real-world scenario, we explore a new kind of threat: digital landmines—subtle, invisible changes inside power grids, telecommunications networks, and industrial systems that can be triggered at any time.
View Video
miniorange

IAM Security Risks You Can't Ignore in 2026

Apr 8, 2026 By Chaitali Avadhani In miniOrange
If you’re using an Identity and Access Management (IAM) solution for safeguarding employee and customer accounts, then you must know about the IAM security risks. This is to account for the possible gaps and work on them. Identity security risks are no longer limited to not meeting checklists, but have shifted to a dynamic approach. A continuous, real-time, and risk-based approach is the new norm.
Read Post
miniorange

Zero Trust IAM: Why Modern IAM is the Foundation of the Zero Trust Framework

Apr 8, 2026 By miniOrange In miniOrange
For years, cybersecurity relied on a secure network perimeter, where users were trusted once inside. This approach was effective when everything was contained in a controlled environment, but it no longer works today. Modern organizations operate across cloud platforms, SaaS, mobile devices, and distributed teams. Employees and partners connect from various locations while APIs exchange data. As a result, the traditional network boundary no longer exists.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.