Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik
The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik, Head of Rubrik Zero Labs, and Staff Security Researcher Amit Malik to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies.
Application Security Prioritization: How the Best Teams Fix What Matters Most
In the race to ship software faster, security teams are drowning. Not in vulnerabilities… those are abundant, predictable even. They’re drowning in noise. The average enterprise application generates thousands of security findings from multiple scanners, each screaming for attention with equal urgency. Meanwhile, developers are building faster than ever, fueled by cloud-native architectures, open-source dependencies, and AI-generated code. The uncomfortable truth?
Unlock the Power of Agents with JFrog's Skills and MCP Tools
Agents are writing code, suggesting dependencies, and reviewing PRs, without any knowledge about your trusted package sources, security posture, or governance policies. When agents operate without supply chain context, they introduce risk, create rework, and weaken the guardrails DevSecOps teams rely on to ship with confidence. JFrog is changing that.
Beyond the Checklist: Inspection-Readiness Starts With Building a Culture of Compliance and Transparency
Inspection readiness in life sciences is no longer just about checklists and technical controls. True compliance requires a culture of transparency, strong data governance, and continuous audit readiness. By embedding traceability, accountability, and automated compliance into everyday workflows, organizations can build trust with regulators, reduce inspection risk, and ensure their data integrity supports both regulatory success and patient safety.
Moving past bots vs. humans
For us humans to interact with the online world, we need a gateway: keyboard, screen, browser, device. What is called "human detection" online are patterns that humans use when interacting with such devices.
If "stdio" is a Vulnerability, So Is "git clone" - Notes on Riding the AI Vulnerability Trend
A developer clones a repository and opens it in VS Code at 10:47 a.m. Before their cursor blinks, six different configuration file formats on disk have a chance to execute shell commands on the host. A.vscode/tasks.json with runOn: folderOpen. A.devcontainer/devcontainer.json with initializeCommand. A post-checkout hook already sitting in.git/hooks/. A postinstall line waiting in package.json for the next dependency install. A.envrc in the project root.
How to Detect AI-Mediated Data Exfiltration in the Cloud
Your SOC gets an alert from the CNAPP: an outbound connection from a pod in the ai-prod namespace to . The destination is in the allowlist. The payload size is 28 kilobytes — well under the DLP threshold. The agent’s service account has permission to invoke the email tool. By every check your stack runs, the traffic is normal. Forty minutes later, a customer support lead notices that an email went out containing a summary of 2,400 customer records that the agent had no business querying.
AI Agent Sandboxing in Financial Services: Containing Blast Radius
Your progressive enforcement rollout is working. eBPF sensors are deployed across the cluster. Behavioral baselines are converging. Enforcement policies are generating from observed behavior, just like the observe-to-enforce methodology prescribes. Then your compliance officer walks over to the platform team’s desks and asks a question nobody anticipated: “Which agents are in observation mode right now?”
From Panic to Playbook: Modernizing ZeroDay Response in AppSec
Why the next Log4Shell will be won or lost in the first 72 hours—and what a modern zero‑day workflow looks like. Every security team remembers where they were when Log4Shell dropped. A quiet Friday afternoon in December 2021 turned into a weekend of war rooms, emergency patches, and executive updates. Years on, the Log4j fallout still shows up in breach reports—a stubborn reminder that zero‑days don’t end when the news cycle does.
The OtterCookie Matryoshka
Over the past month, the cybersecurity community has published isolated reports detailing disparate attacks by the North Korean state-aligned threat group Shifty Corsair (also known as FAMOUS CHOLLIMA). While individual vendors have documented specific supply chain poisons or targeted spear-phishing campaigns, the Threat Fusion Cell (TFCTI) at BlueVoyant has synthesized these findings to reveal a much larger, coordinated offensive.