Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Why Authorization Is Still the Weakest Link in API Security? #apisecurity #authorization #zerotrust
Even as authentication improves, broken authorization remains one of the most exploited vulnerabilities in APIs. In this clip, Wallarm and Oracle experts discuss real-world authorization flaws—including how missing or weak access checks can let attackers access sensitive data and functions. Learn why robust, field-level authorization is essential to protecting your APIs.
The Unified IT Imperative: Simplifying Complexity and Future-Proofing Your Organization
In this episode of the Make Work Happen podcast, we explore the strategic imperative of unified IT and how it helps leaders shape the future of their organizations. We draw on key findings from JumpCloud’s latest IT trends report to understand why IT fragmentation is a critical challenge for leaders worldwide. Joining us is JumpCloud customer Ricky Jordan, who provides a real-world case study on how a unified platform can simplify complex IT environments, address security risks, and drive strategic conversations.
MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations
On August 13, security researchers at Tel Aviv University disclosed a new HTTP/2 denial-of-service (DoS) vulnerability that they are calling MadeYouReset (CVE-2025-8671). This vulnerability exists in a limited number of unpatched HTTP/2 server implementations that do not sufficiently enforce restrictions on the number of times a client may send malformed frames. If you’re using Cloudflare for HTTP DDoS mitigation, you’re already protected from MadeYouReset.
Adversary Tradecraft: Exploitation of the SharePoint RCE
CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting Microsoft SharePoint, a widely deployed enterprise collaboration and content management platform. In this blog, we will simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside Graylog.
SIEM isn't dead. It's reborn and finally worth using.
The question isn’t whether security information and event management (SIEM) is dead. The real question is whether the traditional model of SIEM still serves today’s defenders. Spoiler alert: it doesn’t. Born from compliance needs and static rules, first-generation SIEMs provided log collection and correlation but not context. They buried analysts in noise and left threat detection slow, brittle, and expensive. But that’s changing.
Trustwave's FedRAMP Authorization: A Game-Changer for Your Security Strategy
The importance of a cybersecurity vendor being Federal Risk and Authorization Management Program (FedRAMP) authorized cannot be understated. In February 2025, after a multi-year process, Trustwave achieved full FedRAMP authorization for its Government Fusion platform, becoming the first pure-play Managed Detection and Response (MDR) provider to do so.
How Researchers Collect Indicators of Compromise
As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. Today, we'll demonstrate a simple workflow showing how researchers use various tools to collect indicators of compromise (IOCs) and develop appropriate signatures from detonated malware.
IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security
IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals a troubling pattern: APIs and integrations are often the real entry point, and they’re frequently under-secured. At Wallarm, we’ve been banging this drum for a while.
The MemcycoFM Show: Episode 12 - How The 5 Biggest Bank ATO Attacks Could've Been Stopped
Bank account takeover fraud is a growing global threat, costing financial institutions and customers billions each year. Attackers are refining their tactics, blending phishing, credential stuffing, and mobile malware to bypass traditional defenses. For banks, the stakes are high: a single breach can erode customer trust and regulatory standing overnight. We break down five of the most impactful account takeover attacks in recent years, examining what happened, how it happened, and how Memcyco’s real-time, browser-level, and mobile-layer protections could have mitigated the damage.
Kroll Conversations: Meet the Offensive Security Experts
Organizations are under constant threat from vulnerabilities hidden deep within their own systems and applications. Uncovering these types of weaknesses before they lead to security issues such as malware, ransomware attacks and social engineering is a challenge that Jugal Bhatt and Jonathan Hosick take on every day.