Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
A QUICker SASE client: re-building Proxy Mode
When you need to use a proxy to keep your zero trust environment secure, it often comes with a cost: poor performance for your users. Soon after deploying a client proxy, security teams are generally slammed with support tickets from users frustrated with sluggish browser speed, slow file transfers, and video calls glitching at just the wrong moment. After a while, you start to chalk it up to the proxy — potentially blinding yourself to other issues affecting performance.
The Next Generation of SAST Scanning
For years, developers have faced a frustrating trade-off when it comes to application security testing: you could have speed, or you could have depth. Deep, comprehensive scans often meant waiting for results. Fast scans, on the other hand, often missed critical vulnerabilities or flooded the backlog with false positives. But as development cycles accelerate and AI-generated code introduces new risks at scale, this choice is no longer acceptable.
OpenShift Virtualization Engine: The Complete Handbook
Running virtual machines and containers side by side typically means managing two separate infrastructure stacks with different tools and workflows. OpenShift Virtualization Engine solves this by letting VMs run as native Kubernetes resources within Red Hat OpenShift. You get one platform, one interface, and consistent policies across your entire environment.
Ep. 38 - The Evolution of Offensive Cybersecurity
"Hope is not a strategy." The roots of hacking go deeper than you think—all the way back to Bletchley Park and the first computers ever built. In the latest episode, Adrian Culley joins Tova Dvorin to trace the evolution of offensive security: from 1970s "phone freakers" to the sophisticated Breach & Attack Simulation (BAS) of today. The Insight: Penetration testing was a vital evolution, but it’s a "photo of a moving target." Modern resilience requires a "cyber training gym"—a continuous, automated sparring partner that validates your defenses against the latest TTPs 24/7/365.
The Future of the Cybersecurity Workforce in an AI-Driven Era
New research shows the cybersecurity workforce is undergoing a major shift as AI transforms security operations. While leaders remain deeply committed to the field, many are facing increasing burnout, evolving skill demands, and growing responsibility for governing AI-driven systems. The future cybersecurity leader will need to balance technical expertise with communication, business alignment, and AI oversight.
How to Implement Mobile AppSec in a CI/CD Pipeline
For many engineering teams, CI/CD security appears to be working. Static scans run automatically. Vulnerabilities are flagged. Security checks exist somewhere in the pipeline. Yet issues still surface after release. The reason is rarely the absence of tools. More often, it is the absence of structural enforcement across the build lifecycle. Security controls run inside the pipeline, but they do not always guarantee that the artifact being tested is the same artifact that ultimately reaches users.
Spear Phishing Attacks: Top 7 Signs to Watch For
Spear phishing is on the rise in the US and is quickly becoming the biggest cybersecurity threat for businesses. With more sophisticated, human-like emails and a greater reliance on email communication in general, it can be difficult to spot a standard phishing attack, let alone a spear phishing one.
Navigating the U.S. Public Sector's Unrelenting Cyber Crisis
The U.S. public sector faces unique challenges as it is tasked with safeguarding the most sensitive data of citizens, all while maintaining the critical infrastructure that keeps society functioning. Unfortunately, government and educational institutions are no longer just peripheral targets, they are on the frontline of cyberattacks.
Email Security: What It Is, How It Works, and Best Protection Methods
Email-based threats are evolving faster than traditional solutions can keep up. According to Verizon’s 2025 Data Breach Investigations Report, the use of synthetically generated text in malicious emails has doubled over the past two years. That makes it far more difficult to spot social engineering attacks like phishing, which trick users with deceptive messages.
Threat Actors Abuse Messaging Platforms to Launch Phishing Attacks
Messaging platforms are now a major vector for phishing and other social engineering attacks, according to a new report from NCC Group’s Fox-IT. The researchers warn that legitimate messaging apps such as WhatsApp, Telegram, Discord, Signal, LinkedIn, and Gmail-integrated messaging serve as avenues through which attackers can target users while evading email security filters.