Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

TurboTax SMS Scam

It is tax season in the United States and that means plenty of tax scams. I recently received these SMS messages. I am a TurboTax user, so hey, these might be legit, even though they look scammy. I first looked up the ttax.us domain using GoDaddy’s Whois service. The ttax.us domain is not valid. Fact is, scammers would not have sent out a scam message using a non-existent domain, so it probably means that it was taken down. Well, that’s good!

"503 Service Unavailable" Error on the vSphere Web Client: What Should You Do?

VMware vCenter Server, the centralized management point in vSphere, is used for managing ESXi hosts, clusters, VMs, and other components in your virtualized data center. This blog post addresses the 503 Service Unavailable that you may get in vSphere Client when you try to connect to vCenter. Read to learn about the potential causes of this error and how to fix it.

3 pillars of hyperproductivity for MSPs

The shift to distributed work has permanently changed how managed service providers (MSPs) operate. Endpoints now span offices, homes, airports and everything in between, and each one requires consistent protection, visibility and management. Attackers have also accelerated their use of automation and AI, increasing pressure on technicians already managing growing workloads. Traditional, manual service models can no longer keep up.

Rethinking SaaS access security after login

Most organizations have gotten very good at protecting the front door. We invest heavily in single sign-on (SSO), mandate multi-factor authentication (MFA), and lock down who can log in, from where, and under what conditions. We do everything to ensure that the right user has the right access. But one critical question often still goes unanswered: What really happens after someone logs in?

Cato CTRL Threat Research: New MongoDB Vulnerability Allows Instant Remote Server Takedown (CVE-2026-25611)

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a new vulnerability (CVE-2026-25611 with a “High” severity rating of 7.5 out of 10) in all MongoDB versions with compression enabled (version 3.4+, enabled by default since version 3.6), including MongoDB Atlas. The vulnerability can enable a threat actor to crash any MongoDB server. MongoDB Atlas clusters are not internet-reachable by default.

What a Rogue Vacuum Army Teaches Us About Securing AI

If you’re like me, you’ve been enthralled with the recent story, expertly written by Sean Hollister at The Verge, about how Sammy Azdoufal built a remote control for his DJI Romo vacuum with a PlayStation controller, and ended up in control of 7,000+ robovacs all over the world. On the surface, it sounds like vibe coding gone slightly sideways. I mean, really, what could a vacuum possibly do? Turns out… a lot.

Your AI Just Became the Insider Threat | CrowdStrike Global Threat Report 2026

Hackers can reach your critical systems in just 27 seconds. In 2025, AI-powered cyberattacks surged 89% as adversaries weaponized the same AI tools organizations use every day. From eCrime groups to China-nexus actors, North Korean operatives, and Russian intelligence, AI is accelerating and reshaping global threat activity. In this video, you’ll learn: Adversaries are not just using AI. They are weaponizing your AI against you.

AI certificate

You can ask AI to create a song that sounds like a famous band sang it. But what happens if you use it or share it? Are there legal or other implications? AI tools must be visible and governed. Shadow AI isn’t. Take Cato’s AI in Cybersecurity course to understand the risks of unsanctioned AI tools. It’s free, comes with a downloadable cert, and earns CPE credits. Register now.

Ep. 48 - Iran's 12 Days of Cyber War: How Missiles Triggered a Global OT Hacking Campaign

June 2025 marked a turning point in cyber warfare. In this episode of The Cyber Resilience Brief, Tova Dvorin and offensive engineer Adrian Cully break down the cyber escalation that followed Operation Rising Lion—what some analysts now describe as Iran’s 12 days of cyber war. As missiles struck Iranian strategic targets, coordinated hacktivist groups like Cyber Avengers and Handala launched psychological operations, mass SMS spoofing campaigns, and attacks targeting operational technology (OT) systems—including Unitronics PLCs used in water and industrial facilities worldwide.