Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Inside Adhaar : Challenges of Securing the World's Largest Digital Identity System #cybersecurity

Nov 28, 2025 By Indusface In Indusface
Discover what it takes to secure Aadhaar, the world’s largest digital identity system. This teaser dives into the massive responsibility behind protecting over a billion citizens’ data powered by strict privacy guardrails, zero-trust principles, encryption, biometric template protection, and privileged access management at national scale. In this clip from Guardians of the Enterprise, Nishith Kumar Datta (Head of Cybersecurity & InfoSec, Titan) shares his insights on the challenges and discipline required to secure such a critical national platform.
View Video

Apache Tomcat Vulnerability CVE-2025-55752: Risk & Protection

Nov 28, 2025 By Indusface In Indusface
CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.
View Video
Feroot

Goshen & Hancock Settle Meta Pixel Lawsuits: Healthcare Tracking Risk

Nov 28, 2025 By Feroot In Feroot
Two Indiana healthcare providers, Goshen Health System and Hancock Regional Hospital, recently reached settlements tied to the use of website tracking technologies, including Meta Pixel. Neither organization admitted to any deliberate misconduct, emphasizing that the settlement is done to avoid the cost and disruption of continued litigation.
Read Post
ignyte Team

FedRAMP IaaS vs PaaS vs SaaS - What's The Difference?

Nov 28, 2025 By Max Aulakh In Ignyte
If you’ve browsed the FedRAMP marketplace in the interest of using a government-certified service, either as part of your own services or on behalf of an agency, you’ve likely seen the various -aaS designations. The “aaS” stands for “as a Service”, and it’s part of how modern internet services function. What are the different kinds of services, and how do they engage with FedRAMP? The differences can be important.
Read Post
WatchGuard

Black Friday: How to Protect Your Retail Clients from Ransomware

Nov 28, 2025 By Stephen Helm In WatchGuard
Black Friday is one of the most demanding seasons for the retail sector. Massive spikes in online traffic, aggressive promotions, and pressure to keep services available significantly increase the risk of an attack. Cybercriminals are aware of this and exploit the saturation to launch ransomware campaigns, phishing attempts, and supply chain attacks that aim to disrupt operations, steal sensitive data, and cause maximum impact.
Read Post
knowbe4

Phishing Campaign Uses Fake Party Invites to Deliver Remote Access Tools

Nov 28, 2025 By KnowBe4 Team In KnowBe4
A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, according to researchers at Symantec. “A highly active threat actor that specializes in using the ScreenConnect remote management and monitoring (RMM) software in its attacks has changed tactics and is now infecting its victims with multiple RMM tools, including LogMeIn Resolve and Naverisk,” Symantec says.
Read Post
knowbe4

One-Size-Fits-All Security Training Fits Nobody

Nov 28, 2025 By Javvad Malik In KnowBe4
Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel. Go see Metallica live. What do you want? Enter Sandman. Master of Puppets. The songs you know by heart. Play some deep cut from a B-side and watch 50,000 people suddenly become very interested in their phones. But go see your favourite comedian and the contract flips entirely. Tell me a joke I've heard before and I'll ask for my money back. The difference?
Read Post
detectify

Why traditional black box testing is failing modern AppSec teams

Nov 28, 2025 By Detectify In Detectify
Applications have long evolved from monolithic structures to complex, cloud-native architectures. This means that the tried-and-true methods we rely on are becoming dangerously outdated. For AppSec to keep pace, we must look beyond current tooling and revisit the very fundamentals of DAST – the automated discipline of black box testing.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.