Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance
Chinese state-backed cyber operations are often misunderstood as a single, centrally controlled machine. In reality, they are fragmented, diverse, and strategically aligned with China’s national objectives, from economic development to critical infrastructure positioning. In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Mei Danowski, Co-Founder of Natto Thoughts and expert in geopolitical intelligence, to explore how China’s cyber ecosystem operates and how it is shaped by cultural, political, and economic structures.
Why Point-in-Time Audits Are Failing You
Annual audits show how compliant you were on one day. But cyber threats don’t wait for next year’s check-in. We need a living, breathing approach to compliance.
Master Tool Sprawl: A Path to Simplicity
IT Pros: if you're feeling overwhelmed by the sheer number of IT tools, you're not alone. JumpCloud's new report found IT teams use an average of 9.3 tools for core functions. But this 'tool sprawl' isn't just an annoyance. 74% of IT pros say it adds complexity, and the top challenge? Security gaps, cited by 56%.
Black Hat 2025 - From Chaos to Control - How Bank Of Hope Achieved Zero Critical Vulnerabilities
At Black Hat 2025, Nucleus Security and Bank of Hope shared how a small but determined security team transformed its vulnerability management program into a risk-driven, automated operation.
MITRE Introduces AADAPT Framework to Combat Crypto-Focused Cyber Threats
Amid a surge in cryptocurrency-related cybercrime, MITRE has unveiled AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a brand-new framework designed to shore up cybersecurity weaknesses within digital financial systems such as cryptocurrency.
AI Agents Complicate GRC
The challenge isn’t just that AI agents are new. It’s that they blur traditional boundaries of data control, creating hidden sub-processors and uncontrolled data flows. For CISOs, compliance officers, and security leaders, this presents a fundamental governance problem: if you don’t know which AI services are touching your data, you cannot prove compliance.
An exploration of information exposure on document sharing platforms
Public document libraries and hosting services are websites which host content such as academic and legal papers, work templates, and more. Occasionally, these services allow users to freely search, read, and upload documents without requiring a subscription. This can lead to incidents where content is uploaded without a user’s full understanding of the ramifications of making such documents public.
GDPR Compliance Checklist and Requirements for 2025
For consumers and businesses, a GDPR compliance checklist helps everyone understand how to protect data, how to manage their data with companies, and what steps can be taken to limit how their data is used or prevent data breaches. Throughout this article, we will discuss in depth what steps should be monitored when following a GDPR compliance checklist to avoid fines or legal consequences.
Software Supply Chain Attacks in 2025: What We Learned from Gartner
Download the Gartner 2025 Market Guide for Software Supply Chain Security (SSCS) to learn how to protect your organization. Software supply chain attacks are a top threat to enterprises worldwide. These sophisticated attacks target everything from open-source components and third-party APIs to critical DevOps toolchains. If you’re building software, your supply chain is a prime target.
AWS Lambda GitHub Actions Integration: Streamlining Serverless CI/CD
In August 2025, AWS made native support available to deploy AWS Lambda functions straight from GitHub Actions. With this integration, a lot of the complexity developers have had to undergo conventionally with serverless automatic deployment is eliminated. As a valuable practical improvement, teams will now gain the ability to utilize declarative GitHub workflows with OIDC-secured authentication and auto-packaging of code for simpler CI/CD pipelines.