Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Endpoint Data Loss Prevention: Everything You Need to Know
Endpoint data loss prevention (DLP) is a critical compliance service designed to ensure that an organization's sensitive or confidential information remains secure by implementing robust security controls and continuously monitoring devices to protect data from unauthorized access or transmission and prevent potential data breaches.
Beyond PCI and HIPAA: How Feroot Powers Colorado Privacy Act (CPA) Compliance
If your website or digital app collects, tracks, or sells data from Colorado residents, chances are the Colorado Privacy Act (CPA) applies to you. Like California’s CCPA and Virginia’s VCDPA, the CPA is part of the growing patchwork of state-level privacy laws reshaping how U.S. businesses handle personal data. Yet many companies underestimate the scope of the Colorado Privacy Act—or assume compliance is covered by PCI DSS or HIPAA if they process payments or healthcare data.
Less ransomware, same risk. How can it be prevented?
Just because ransomware attacks have decreased doesn’t mean that the risk has disappeared. Indeed, it remains one of the most disruptive threats to any organisation. Headlines can convey a false sense of relief: Ransomware attacks are down 15%, according to Verizon's latest DBIR report. But for those of us who work in cybersecurity, we know that this doesn't tell the whole story, especially when the real issue isn't how often an attack occurs, but what happens when it does.
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
Catch Bugs Early: Dynamic Scanning & the Cake Analogy Explained #cybersec
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
The MemcycoFM Show: Episode 15 - Remote Access Scams: The Hidden ATO Threat Security Teams Miss
Remote access scams are social engineering attacks where fraudsters convince users to install or open remote desktop tools like TeamViewer or AnyDesk. Once inside, they hijack login flows, harvest credentials, and often bypass MFA — opening a hidden path to account takeover (ATO). These scams are rising fast, exploiting customer trust and evading traditional fraud controls. In this guide, we’ll break down how these scams work, why they’re so effective, and how security teams can detect and disrupt them — in real time, before ATO occurs.
Remote Access Scams: How to Stop Them (and Why Security Teams Miss the Risk)
Remote access scams are social engineering attacks where fraudsters convince users to install or open remote desktop tools like TeamViewer or AnyDesk. Once inside, they hijack login flows, harvest credentials, and often bypass MFA, opening a hidden path to account takeover (ATO). These scams are rising fast, exploiting customer trust and evading traditional fraud controls.
The Double-Edged Sword: Benefits and Risks of AI Transformations
Over the past few years, artificial intelligence (AI) has transformed millions of organizations worldwide. AI can automate rote tasks, facilitate natural-language interfaces, and pick up subtle patterns in huge data sets. It can also hallucinate wrong answers, reinforce societal biases, and even introduce cybersecurity risks. Before incorporating the technology into their workflows, responsible organizations must weigh the benefits and risks of AI.
Smishing Campaign Targets California Taxpayers With Phony Refund Offers
The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports. The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information.
Advanced Educational Competition - Ask Your Employees To Submit Their Best Phishing
I occasionally get human risk management (HRM) administrators asking me to help them with ideas of “contests” to better educate their end-users. They have usually done the traditional recommendations, which means at least monthly-to-weekly security awareness training (SAT) and simulated phishing. They are working to educate their end-users about social engineering and phishing attacks as best as they can without being overly annoying.