Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

protecto

How OWASP Top 10 Maps to Data Exposure Risks: 5 Hidden Threats Explained

Jan 8, 2026 By Protecto In Protecto
Most teams learn the OWASP Top 10 as a list of application security failures. Injection flaws. Broken access control. Security misconfiguration. Items to scan for, remediate, and close before the next audit or penetration test. But data exposure rarely arrives neatly packaged as a single OWASP finding. When sensitive data leaks, it is almost never because one category failed in isolation.
Read Post
CrowdStrike

CrowdStrike to Acquire SGNL to Secure Every Identity in the AI Era

Jan 8, 2026 By Michael Sentonas In CrowdStrike
I’m excited to announce CrowdStrike’s agreement to acquire SGNL, a leader in identity-first security. This acquisition will extend CrowdStrike Falcon Next-Gen Identity Security to deliver continuous, context-aware authorization for human, non-human, and AI agent identities across SaaS and hyperscaler cloud environments. As risk conditions and threats change, access to applications, data, and AI agents should change with them.
Read Post

How to Stop Sensitive Documents From Leaking in Slack, Gmail, and ChatGPT (Demo)

Jan 8, 2026 By Nightfall AI In Nightfall
Your security tools can detect credit card numbers, but they are blind to the files that actually matter. In this demo, we show how sensitive documents like: Internal source code Financial forecasts Performance reviews Customer lists are automatically detected and blocked in Slack, Google Drive, SharePoint, Gmail, and even ChatGPT using Nightfall’s new AI-powered file classifiers. No regex. No keywords. No training data.
View Video
cyberark

Inside CyberArk Labs: the evolving risks in AI, browsers and OAuth

Jan 8, 2026 By Andy Thompson In CyberArk
In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make them even more dangerous. Last year proved that every leap forward in technology brings new risks right alongside the rewards. At CyberArk Labs, our mission is to uncover hidden vulnerabilities and provide actionable insights that help organizations fortify their defenses.
Read Post
levelblue

When AI Becomes the Insider Threat

Jan 8, 2026 By James Prince In LevelBlue
Remember that annoying ‘paperclip’ in Microsoft Word 97? The one that was always trying to help you…Fast forward nearly 30 years and we now have AI. In the race to adopt artificial intelligence, businesses are embedding AI systems into their daily operations, streamlining workflows, enhancing productivity, and centralizing knowledge. But what happens when that very system becomes an attacker’s most valuable asset?
Read Post

Why the Target Breach Wasn't a Detection Failure - It Was Prioritization | Garrett Hamilton at UCI

Jan 8, 2026 By Reach Security In Reach Security
Nicole Perlroth asks Garrett how Reach's involvement would have impacted the breach with Target. Attackers came in through a third-party HVAC vendor. Credentials were compromised. Alerts fired. But nothing rose to the level of urgency it deserved. As Garrett Hamilton explains at UCI, this is where security breaks down—not detection, but prioritization. Most teams keep investing in reacting faster inside the SOC. The harder (and more effective) shift is upstream: reducing the exhaust before it ever hits the console.
View Video
knowbe4

Defending Against Modern Email Threats With Layered, AI-Driven Security

Jan 8, 2026 By KnowBe4 Team In KnowBe4
Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization. Phishing, Business Email Compromise (BEC) and supply-chain attacks continue to rise, with adversaries leveraging AI and compromised accounts to bypass legacy defenses. This presents many challenges for CISOs, IT Directors and SOC teams alike: it seems pretty clear that threats are evolving faster than traditional email security can keep up.
Read Post
cato networks

Savanti: How Agentic AI Supercharge Cato's R&D Efficiency

Jan 8, 2026 By Dr. Guy Waizel In Cato Networks
Savanti is Cato Networks’ internal, agentic AI assistant that blends knowledge from Slack, Confluence, Git, and Jira to provide instant, context-rich answers. Savanti routes each query through an adaptive reasoning workflow by choosing between direct, deep, or multi-step reasoning based on the question’s complexity. Every answer is grounded in real internal context, backed by citations, and evaluated for confidence before being delivered.
Read Post
astra

How to Build an API Security Strategy: The Complete Guide (2026)

Jan 8, 2026 By Jinson Varghese In Astra
Today, APIs power everything from mobile apps to cloud platforms, quietly moving data behind the scenes. That invisibility makes them prime targets. Over 84% of organizations experienced API security incidents last year, with breaches exposing ten times more data than in traditional attacks. Attackers now deploy AI-powered tools that map endpoints in minutes and exploit business logic flaws your defenses can’t see.
Read Post
astra

What is AI Security? The CTO's Guide to Securing LLMs & Models

Jan 8, 2026 By Shikhil Sharma In Astra
Here’s an unsettling truth: While 80% of organizations are adopting AI, only 6% have any form of AI security strategy in place (SandboxAQ 2025 AI Security Benchmark report). It’s like buying a Porsche 911 without locks or keys, a cash-guzzling public service car whose cost you’re apparently happy to bear.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.