Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Seemplicity AI Analysts First to Provide Autonomous Vulnerability Response
AI-driven validation confirms runtime exploitability directly within the remediation workflow.
The Identity Problem Hiding in AI Agent Deployments
As organizations rush to deploy AI agents across enterprises to handle HR cases, write and execute code, and manage customer interactions, they very often need to grant them access to sensitive systems and data.
How a Modern Autonomous Penetration Testing Framework Differs from Legacy DAST
Over the years, Dynamic Application Security Testing (DAST) has helped you identify common vulnerabilities via automated scanning, fuzzing, and pattern-based detection. While valuable for baseline vulnerability discovery and compliance requirements, many security leaders, including maybe yourself, are now questioning DAST.
How to Run an IAM Policy Simulator: Step-by-Step Guide
AWS IAM Policy Simulator is a testing tool that helps teams evaluate whether an IAM policy allows or denies specific AWS actions before those permissions are applied in production.
Identiverse 2026: The Challenges Of Solving Identity For AI Agents At Scale
This year's event made it clear that as AI agents scale across enterprises, we must solve ownership, delegation, least privilege, and auditability before production risk grows.
Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed
We found 62 live PyPI tokens leaking on public sources, enough to push malicious code to 125 packages with 25,000 monthly downloads. We reported them to PyPI, which revoked every one. Here's how we decoded the macaroons and checked which still worked.
Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets
On Jun 24, 2026, the codfish/semantic-release-action GitHub Action was compromised through an imposter commit attack. An attacker force-pushed two malicious commits into the repository and repointed sixteen tags to them, including the floating major version tags v2, v3, v4, and v5. Any workflow referencing the action by one of those tags will pull and run the attacker's code on its next CI run.
Boost Security Workflows with Veracode Analytics | Secure Coding Challenges & Solutions
Struggling with inefficient secure coding workflows, lack of visibility into developer actions, and growing security debt? In this clip, Christian Dalomba breaks down the biggest challenges organizations face with secure development and shows how Veracode Fix Analytics helps you move beyond just finding vulnerabilities to actually fixing them faster and smarter. Key takeaways.
Grid by LimaCharlie: Automated Detection, Investigation, and Response - Full Demo
In this session, LimaCharlie CEO Maxime Lamothe-Brassard walks through Grid, LimaCharlie's agentic SecOps layer built on Claude Code, and shows how it solves security operations problems end-to-end, from initial setup to ongoing autonomous maintenance. What's covered: Grid runs on Claude Code under the hood, with your own API keys, so cost is transparent and fully in your control. Timestamps.
Why AI Is Becoming an Operational Requirement for Security Teams
In our previous article, From Vulnerability Management to Continuous Security Operations, we explored how organizations are moving beyond traditional vulnerability management toward a model built on continuous visibility, continuous prioritization, and continuous action. But that evolution raises an important question: how do security teams sustain this model at scale? For years, the cybersecurity industry focused on visibility.