Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
COPPA Compliance - Now!
On June 23, 2025, the Federal Trade Commission’s sweeping amendments to the Children’s Online Privacy Protection Rule (COPPA) took effect, ushering in more stringent duties for any operator collecting or using children’s data—whether via websites, services, or AI‑powered agents. Companies must achieve full compliance by April 22, 2026 (Finnegan | Leading IP+ Law Firm, Bass, Berry & Sims PLC).
Beyond the Prompt: Securing the "Brain" of Your AI Agents
Imagine an autonomous AI agent tasked with a simple job: generating a weekly sales report. It does this reliably every Monday. But one week, it doesn't just create the report. It also queries the customer database, exports every single record, and sends the file to an unknown external server. Your firewalls saw nothing wrong. Your API gateway logged a series of seemingly valid calls. So, what happened? The agent wasn't hacked. Its mind was changed.
MCP security is non-negotiable for AI-driven organizations
Model Context Protocol (MCP) is gaining traction because it enables LLMs to interact with live systems and enhance context by retrieving and managing relevant real-time information. LLMs can’t query Salesforce, trigger an Okta password reset, or fetch context from your SIEM, for example. MCP bridges that gap by connecting AI models to real-world APIs, powering AI applications like retrieval-augmented generation and multi-step agent workflows. They’re fast to deploy.
Beyond PCI and HIPAA: How Feroot Powers California Invasion of Privacy Act (CIPA) Compliance
Yes—if your website, app, or other online platform interacts with users located in California, CIPA may apply, even if your business is not physically based there. Enforced under California Penal Code §§ 631, 632, 632.7, and 637.2, CIPA was originally designed to stop wiretapping and unauthorized call recording. Courts are increasingly applying it to digital communications, including web chats, form submissions, and user behavior tracking. The challenge?
SOC 2 Type I vs Type II: Which One Does Your Business Need?
If you’ve been Googling things like “Do I need SOC 2 Type 1 or Type 2?” you’re not alone. It’s one of the most common questions we hear from businesses tackling SOC 2 for the first time. Whether you're a fast-growing SaaS start up, a fintech navigating due diligence, or a healthcare platform handling sensitive data, getting a clear handle on the difference between Type I and Type II can save you serious time, money, and frustration.
Falcon Next-Gen Identity Security Unifies Protection Across All Identities and Domains
CrowdStrike is excited to announce CrowdStrike Falcon Next-Gen Identity Security, a new solution built to protect every identity — human, non-human, and AI agent — across on-premises, cloud, and SaaS environments. This new offering addresses the growing need for comprehensive protection throughout the full identity lifecycle.
Defending Against SCATTERED SPIDER with Falcon Next-Gen SIEM
SCATTERED SPIDER is a prolific eCrime adversary that has conducted a range of financially motivated activities beginning in early 2022. Since surfacing, this adversary continues to compromise organizations around the world, deploying ransomware and exfiltrating sensitive files.
Secure Cloud Access - CyberArk MCP Server
Take control of cloud access for AI-driven workflows without slowing down your team. CyberArk SCA MCP Server is the latest innovation in identity security, purpose-built for the age of agentic AI. Now available in the AWS Marketplace, CyberArk SCA MCP Server empowers developers and AI agents to securely request elevated access directly from their IDE while enforcing Zero Standing Privileges across multi-cloud environments.
How to Hack a Cloud: Insider Threat
In this episode of How to Hack a Cloud: Insider Threat, discover how standing administrative access in AWS can be exploited by a disgruntled employee. Follow Michael Scott’s story as he misuses his S3 admin privileges to silently delete critical data, leaving the company blindsided. Learn how CyberArk Secure Cloud Access enforces Zero Standing Privileges, ensuring time-bound, need-based access to prevent such malicious activity—all while maintaining seamless workflows for legitimate tasks. See how this solution strengthens identity security across multi-cloud environments.
How to Hack a Cloud Access Mismanagement
Protect Your Cloud: Prevent Access Mismanagement with CyberArk Secure Cloud Access Discover how to safeguard your cloud environment from access mismanagement in this eye-opening episode of How to Hack a Cloud: Access Mismanagement. The video demonstrates how attackers exploit standing AWS IAM access keys, turning a common oversight into a major security breach.