Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Hybrid Team Security After the VPN Switch: A Field Playbook
Hybrid work security breaks when teams pretend every remote session starts from a clean, controlled network. It does not. People connect from home routers with old firmware, from shared family devices, from hotel Wi-Fi where nobody can tell you who else is sitting on the same access point. A VPN tunnel helps protect traffic in transit, yes, but that is only one slice of the risk surface. If the endpoint is weak or the account is compromised, the tunnel just carries bad traffic more privately. Start with an exposure map before buying more tools. List where people actually work, which devices they use, which apps they touch daily, and which actions would cause real damage if abused. Then rank those flows by business impact. I think teams skip this because it feels less exciting than deploying software, but this map is what keeps programs grounded. Without it, controls get placed where they are easy, not where they matter, and attackers find the same blind spots over and over.
The Hidden Security Risks of Mobile Workforce Applications in Field Operations
Mobile workforce applications are a $7+ billion market, forming the backbone of modern field service, but they are also becoming the primary targets of sophisticated cyberattacks. For a field technician, a mobile device is a tool, like a wrench or a multimeter, yet it holds the keys to your entire customer database and internal financial records.
Elastic: Unifying security operations with Elastic: From data ingestion to threat response
Discover how Elastic Security brings together the full spectrum of security operations - from ingesting large volumes of diverse data to responding to threats in real time - all within a single, scalable platform. This session will showcase Elastic Security's AI-powered workflows, including automated data ingestion, intelligent alert triaging, and a context-aware AI assistant that helps accelerate investigations and reduce noise.
Forescout: The Zero Day Clock Just Broke: Why AI Is Forcing a Rethink of Vulnerability Management
The rules of vulnerability management just changed, and most security programs aren't ready. Frontier AI models and autonomous agents are collapsing the time between vulnerability discovery and exploitation from months to days, and in some cases, hours. Initiatives like Claude Mythos and Project Glasswing aren't just accelerating research, they're changing the economics of attack. What once required elite expertise, extended timelines, and manual effort can now be automated, chained, and executed at machine speed.
Top tips: How you can shrink the time between a vulnerability and an attack
Top tips is a weekly column where we highlight what’s trending in the tech world and share ways to stay ahead. This week, we’re looking at how the gap between a vulnerability and an attack is shrinking rapidly. A vulnerability is discovered. It could be a small bug, a missed update, or a gap in how a system is configured. It gets reported, documented, and sometimes even publicly disclosed. For a long time, there used to be an extended window between discovery and attack.
Securonix Connects Threat Intelligence to Action with AI-Powered Threat Research Agent and ThreatWatch Validation
Threat Research Agent and ThreatWatch combine AI-driven threat research and exposure validation to help security teams act with confidence.
Penetration testing vs vulnerability assessment: What's the difference?
Understanding the difference between penetration testing and vulnerability assessment is an important part of building an effective security programme. While the terms are often used interchangeably, they serve distinct purposes and provide different types of insight into an organisation’s risk profile. For technology-led organisations, particularly those operating complex SaaS platforms or cloud environments, both approaches have a role to play.
Are You Behind on Patching? | CISA KEV vs. Third-Party KEVs
Are you relying solely on the CISA KEV list for your vulnerability management? You might already be behind. In this video, Rob Babb, Exposure Management Strategist at Seemplicity, discusses why waiting for a vulnerability to appear on the CISA KEV list can leave your organization exposed for weeks. In this video, you’ll learn: It's time to break the cycle of technical debt. Learn more at: seemplicity.ai.
Mend.io and GitHub Partner to Bring Mend Renovate Cloud to Open Source Maintainers
At Mend.io, we understand better than some the weight that sits atop the shoulders of open source maintainers who support the ecosystem at large. These maintainers need to keep on top of supply chain security best practices, keep their dependencies up-to-date, taking on new contributions from users, all the while trying to squeeze that into their “off hours”.
AI: The hero's journey with Ken Westin
Join us for this week's Defender Fridays as Ken Westin, Senior Solutions Engineer at LimaCharlie, shares his AI journey and what the hero's journey framework reveals about how security professionals can move from hesitation to genuine mastery of AI tools. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.