Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel, one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

Top 5 mistakes to avoid during PAM deployment

Privileged accounts are the keys to every organization’s kingdom. Protecting them isn’t optional. After all, the fallout of a breach can affect almost every part of the business, from leaks of sensitive information and intellectual property to fines and reputational damage from non-compliance or lack of governance.

Developer Leaks API Key for Private Tesla, SpaceX LLMs

In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into their operations, ensuring robust API security has never been more critical.

AI Just Rewrote the Rules of BEC: Are Your Defenses Ready?

Today, the average phishing email that lands in your CEO's inbox is flawless. It uses perfect grammar, contains an intimate understanding of your organization’s current business landscape, and ends with an urgent, contextually relevant request. This isn't the work of a typical cybercriminal; it's the hallmark of generative AI being weaponized, transforming social engineering from a numbers game into a targeted strike.

OWASP Dependency Check: How Does It Work?

The Open Web Application Security Project (OWASP) is an online community that produces free, publicly available articles, methodologies, documentation, tools, and technologies in the field of web application security. Open source components have become an integral part of software development. According to Mend’s Risk Report, 96.8% of developers rely on open source components.

Safeguarding Sensitive Data in the Digital Age: The Evolution of DLP

In today’s interconnected world, data has become the lifeblood of business success, driving innovation, customer engagement, and operational efficiency. As organizations embark on rapid digital transformation, the proliferation of cloud computing and mobile devices, stringent privacy regulations such as GDPR and CCPA, and the rise of disruptive technologies like AI all play a key role in guiding the direction.

Office Hours With Or Amir - Dive Into The First Ever CRQ-Powered Cyber Risk Register

Explore Kovrr’s brand-new CRQ-Powered Cyber Risk Register — a first-of-its-kind solution that’s redefining the way organizations build cyber GRC programs and manage cyber risk. Led by Or Amir, Product Manager at Kovrr, this session will offer a hands-on deep dive into the risk register’s extensive capabilities and show you why moving beyond static, spreadsheet-based registers to a fully quantified, dynamic risk intelligence framework is necessary for achieving resilience in today’s landscape.

5 SAST Purchasing Tips That Actually Maximize ROI

Following these 5 tips when purchasing a SAST tool will save you headaches and regrets. A flashy demo or “industry-leading” badge doesn’t mean much if the tool doesn’t work for your code, your developers, or your workflow. This short video covers 5 things every AppSec or engineering team should consider before signing on the dotted line. Because choosing the wrong tool won’t just cost you budget, it’ll cost you trust.

Hackers REVEALED: The TRUTH About Bug Bounty Programs #cybersecurity #bugbounty

Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Turn Shadow IT into a Strategic Advantage with a Business-Led IT Approach

90% of IT admins are worried about shadow IT, but here's the twist. 54% also believe employees use those apps to make their jobs easier. So what if, instead of fearing it, we saw shadow IT as a roadmap to a better workplace? This is business-led IT: collaboration, not control.