Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

New Criminal Toolkit Abuses Browser Push Notifications

Dec 3, 2025 By KnowBe4 Team In KnowBe4
A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” the researchers write.
Read Post
knowbe4

KnowBe4 Is a Leader In the Gartner Magic Quadrant for Email Security For the Second Consecutive Year

Dec 3, 2025 By Bex Bailey In KnowBe4
Following its launch in 2024, Gartner has now published the second Magic Quadrant for Email Security —and KnowBe4 is delighted to once again be named a Leader! Email security is critical for all organizations globally. Fueled by factors such as GenAI and crime-as-a-service toolkits, the phishing threat landscape continues to become more sophisticated at an alarming pace.
Read Post

Is AI taking entry-level jobs a good thing? #cybersecurity #ai #podcast

Dec 3, 2025 By LimaCharlie In LimaCharlie
There's growing concern that AI automation is removing the hands-on experience junior analysts need to develop into senior defenders. In this Intel Chat, Matt Bromiley and Chris Luft challenge that assumption. Matt breaks down why the traditional entry-level path of endless log review and alert triage was never the best training ground to begin with. Log detection, alert triage, and drift detection are often cited as how defenders learn the trade. But most analysts never had time to get to drift detection because they were buried in repetitive work.
View Video

Is PAM Really Solving Security Problems?

Dec 3, 2025 By Razorthorn Security In Razorthorn
Privileged access management has long aimed to control powerful accounts, yet many environments still carry excessive permissions and weak accountability. Password vaults, rotating credentials and stronger governance place controls around admin accounts, linking PAM, access control and identity security to limit damage when something goes wrong.
View Video
Snyk

Security Advisory: Critical RCE Vulnerabilities in React Server Components & Next.js (CVE-2025-55182 / CVE-2025-66478)

Dec 3, 2025 By Stephen Thoemmes In Snyk
On December 3, 2025, coordinated disclosures revealed that multiple releases of React 19 and Next.js contain a critical flaw in the React Server Components (RSC) “Flight” protocol, allowing unauthenticated remote code execution (RCE). The vulnerability originates from unsafe deserialization of attacker-controlled data in server-side RSC payload handling.
Read Post
cloudflare

Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

Dec 3, 2025 By Omer Yoachimik In Cloudflare
Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.