Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cyberark

Rethinking SaaS access security after login

Mar 4, 2026 By Brooke Markham In CyberArk
Most organizations have gotten very good at protecting the front door. We invest heavily in single sign-on (SSO), mandate multi-factor authentication (MFA), and lock down who can log in, from where, and under what conditions. We do everything to ensure that the right user has the right access. But one critical question often still goes unanswered: What really happens after someone logs in?
Read Post
cato networks

Cato CTRL Threat Research: New MongoDB Vulnerability Allows Instant Remote Server Takedown (CVE-2026-25611)

Mar 4, 2026 By Vitaly Simonovich In Cato Networks
Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a new vulnerability (CVE-2026-25611 with a “High” severity rating of 7.5 out of 10) in all MongoDB versions with compression enabled (version 3.4+, enabled by default since version 3.6), including MongoDB Atlas. The vulnerability can enable a threat actor to crash any MongoDB server. MongoDB Atlas clusters are not internet-reachable by default.
Read Post
Zenity

What a Rogue Vacuum Army Teaches Us About Securing AI

Mar 4, 2026 By Andrew Silberman In Zenity
If you’re like me, you’ve been enthralled with the recent story, expertly written by Sean Hollister at The Verge, about how Sammy Azdoufal built a remote control for his DJI Romo vacuum with a PlayStation controller, and ended up in control of 7,000+ robovacs all over the world. On the surface, it sounds like vibe coding gone slightly sideways. I mean, really, what could a vacuum possibly do? Turns out… a lot.
Read Post

Your AI Just Became the Insider Threat | CrowdStrike Global Threat Report 2026

Mar 4, 2026 By CrowdStrike In CrowdStrike
Hackers can reach your critical systems in just 27 seconds. In 2025, AI-powered cyberattacks surged 89% as adversaries weaponized the same AI tools organizations use every day. From eCrime groups to China-nexus actors, North Korean operatives, and Russian intelligence, AI is accelerating and reshaping global threat activity. In this video, you’ll learn: Adversaries are not just using AI. They are weaponizing your AI against you.
View Video

AI certificate

Mar 4, 2026 By Cato Networks In Cato Networks
You can ask AI to create a song that sounds like a famous band sang it. But what happens if you use it or share it? Are there legal or other implications? AI tools must be visible and governed. Shadow AI isn’t. Take Cato’s AI in Cybersecurity course to understand the risks of unsanctioned AI tools. It’s free, comes with a downloadable cert, and earns CPE credits. Register now.
View Video

Ep. 48 - Iran's 12 Days of Cyber War: How Missiles Triggered a Global OT Hacking Campaign

Mar 4, 2026 By SafeBreach In SafeBreach
June 2025 marked a turning point in cyber warfare. In this episode of The Cyber Resilience Brief, Tova Dvorin and offensive engineer Adrian Cully break down the cyber escalation that followed Operation Rising Lion—what some analysts now describe as Iran’s 12 days of cyber war. As missiles struck Iranian strategic targets, coordinated hacktivist groups like Cyber Avengers and Handala launched psychological operations, mass SMS spoofing campaigns, and attacks targeting operational technology (OT) systems—including Unitronics PLCs used in water and industrial facilities worldwide.
View Video
memcyco

How LAPSUS$ Bypassed MFA and How to Prevent Similar Identity Attacks

Mar 4, 2026 By Julian Agudelo In Memcyco
LAPSUS$-linked breaches did not break multi-factor authentication (MFA) cryptographically. Attackers obtained valid authentication outcomes through techniques commonly described as MFA fatigue attacks or MFA bypass attacks, including push-prompt abuse, SIM swapping, social engineering, and session token replay. Understanding how these attacks succeed helps explain where modern identity defenses must evolve.
Read Post
upguard

The Vendor Tiering Series: Mapping Tiers to Inherent Risk

Mar 4, 2026 By Revashni Moodley In UpGuard
Cybersecurity doesn’t really have quiet days. Usually, it’s just long stretches of constant noise before realizing you’ve been blindsided. That blindside is a flat list of unprioritized vendors. Without a way to filter what matters when a team needs to mitigate the fallout of a crisis, a vendor inventory like this becomes a compliance-only activity that offers a false sense of security.
Read Post
vista infosec

NIS2 Documentation Requirements: Policies You Must Have

Mar 4, 2026 By Narendra Sahoo In VISTA InfoSec
NIS2 documentation requirements form the essential foundation of regulatory compliance — defining the documented controls that underpin NIS2 audit readiness and demonstrable cybersecurity governance. Yet in 2026, the landscape is shifting: documentation alone is no longer enough.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.