Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

foresiet

The New Mandate: CISA CPG 2.0 and the Evolution of Critical Infrastructure Security

Dec 16, 2025 By Foresiet In Foresiet
The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.
Read Post
Tines

5 reasons patch management stalls and what modern IT teams can do to fix it

Dec 16, 2025 By Megan Elsayed In Tines
Patch management is one of those responsibilities everyone agrees is essential, yet very few teams feel confident about. The organizations I speak with every week are not struggling because they lack urgency or awareness. They are struggling because the environment around patching has changed dramatically.
Read Post
sumologic

Platform enhancements strengthening security across every child org

Dec 16, 2025 By Margaret Selid In Sumo Logic
Multi-org environments introduce complexity that most tools simply weren’t built for. Analysts are often forced to jump between different orgs, duplicate configuration work, and maintain parallel dashboards, alerts, and content–inefficiencies that increase risk, overhead, and time-to-response. Every minute spent managing infrastructure is one you’re not spending serving your clients or responding to threats.
Read Post
sumologic

Questions to ask before vetting an AI agent for your SOC

Dec 16, 2025 By Margaret Selid In Sumo Logic
So you’re ready to “hire” an agent or two for security operations. While AI agents won’t replace your human analysts, they are quickly becoming indispensable team members. Choosing the right ones should resemble a typical hiring process: you need to determine if they possess the necessary skills to fill your team’s gaps, work effectively with others, and grow with your organization. Here are five questions worth asking before you bring an AI agent on board in your SOC.
Read Post

Cybersecurity Predictions 2026: What Security Leaders Learned in 2025

Dec 16, 2025 By Cloudflare In Cloudflare
In this special compilation episode of The Connectivity Cloud Podcast with Cloudflare, Lia Kazandzhieva, Marketing Campaign Manager at Cloudflare revisits the most impactful conversations from 2025 with leading CISOs and security experts to distill the lessons that will define 2026 and beyond. What You'll Learn.
View Video

Proactive WAF Vulnerability Protection & Firewall for AI + Multiplayer Chess Demo in ChatGPT

Dec 16, 2025 By Cloudflare In Cloudflare
In this episode of This Week in NET, we talk with Daniele Molteni, Director of Product Management for Cloudflare’s WAF, about how Cloudflare responded within hours to a newly disclosed React Server Components vulnerability — deploying global protection before the public advisory was even released.
View Video

Fireside Chat: LevelBlue + Tenable Partnership - Unlimited Vulnerability Scanning at No Cost

Dec 16, 2025 By LevelBlue In LevelBlue
Discover how LevelBlue and Tenable are transforming cybersecurity in this exclusive fireside chat featuring Michael Vaughn, Director of Product Management at LevelBlue, and Greg Goetz, VP of Global Strategic Partners at Tenable.
View Video

Ep 23: How to bootstrap your AppSec program

Dec 16, 2025 By Sumo Logic, Inc. In Sumo Logic
On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.
View Video
cyberark

Identity security: The essential foundation for every CISO's 2026 cybersecurity strategy

Dec 16, 2025 By Omer Grossman In CyberArk
When I first joined CyberArk, it wasn’t just about the company or the technology, but a belief. A belief that identity security is the foundation of cybersecurity. Identity security is the unifying thread that ties together risk management, resilience, and trust in an era where identity—human, AI, and machine—has become the true perimeter of the enterprise. Every day, I see how this conviction plays out across industries and organizations.
Read Post
mend

NPM User Flooding Registry with Fake Font Packages

Dec 16, 2025 By Tom Abai In Mend
During routine monitoring of NPM registry activity, we identified a suspicious pattern involving user sdjkals who has published 10 packages containing what appear to be WOFF2 font files. Initial analysis reveals these are not legitimate font assets. The packages are scoped under @sdjkals/* with version numbers reaching 1.0.1594 and 1.0.1912, indicating extremely rapid republishing cycles, new versions are being pushed every few minutes.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.