Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cyberark

Declutter your crypto: Machine identity security for a post-quantum world

Aug 27, 2025 By Kevin Bocek In CyberArk
In a bad dream, you open the closet. You think you know exactly what’s in there: a few SSH keys, a bunch of TLS certificates, and some secrets like API keys locked in what you believe to be a safe place. But pull it all out and suddenly you find yourself face-to-face with stacks of forgotten ciphers, drawers stuffed with expired certificates, and algorithms in use you thought teams had left behind in 2011. And that’s just for one application.
Read Post

EP 14 - Beyond secrets: Securing the future of machine identity

Aug 27, 2025 By CyberArk In CyberArk
In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk’s efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.
View Video
cyberark

A CISO's guide to post-quantum readiness: How to build crypto agility now

Aug 20, 2025 By Erez Waisbard In CyberArk
The quantum threat isn’t theoretical—it’s operational. Quantum computing is rapidly shifting from research to reality, forcing chief information security officers (CISOs) to rethink cryptography, risk management and long-term data protection. In a previous post, I explained the quantum challenge. Recently, we explored why quantum readiness is not optional. Now, it’s time for action.
Read Post
cyberark

How external attackers and malicious insiders exploit standing privileges in the cloud

Aug 18, 2025 By Brooke Jameson In CyberArk
For many of us, the term “cloud security breach” conjures meticulous attack plans executed by sophisticated criminal syndicates. But in reality, “attacks” can be far more mundane: maybe some forgotten credentials, a few default permissions, or a user whose cleanup to-do list never got done. At the center of these incidents are standing privileges: long-lived access rights originally granted for legitimate tasks.
Read Post
cyberark

Bridging runtime visibility and secrets management in Kubernetes with Sweet Security and CyberArk

Aug 14, 2025 By Niels van Bennekom In CyberArk
Secrets management is a foundational pillar of cloud security. It enables secure storage, rotation, and access control for application secrets. But in Kubernetes environments, secrets don’t just live in vaults; they move, execute, and often proliferate across clusters and containers. Without visibility into how secrets are used at runtime, organizations risk exposing sensitive data without realizing it.
Read Post
cyberark

Rethinking secondary accounts: How zero standing privileges (ZSP) reshape identity security

Aug 14, 2025 By Mark Szalkiewicz, Mike Bykat and Prashant Tyagi In CyberArk
For years, separating day-to-day user activity from administrative tasks through secondary accounts was considered a security best practice. But as identity threats grow more sophisticated and cloud environments become more dynamic, this static model is showing its age. Today, modern identity security demands a shift—one that zero standing privileges (ZSP) are designed to deliver.
Read Post

How to Hack a Cloud Access Mismanagement

Aug 14, 2025 By CyberArk In CyberArk
Protect Your Cloud: Prevent Access Mismanagement with CyberArk Secure Cloud Access Discover how to safeguard your cloud environment from access mismanagement in this eye-opening episode of How to Hack a Cloud: Access Mismanagement. The video demonstrates how attackers exploit standing AWS IAM access keys, turning a common oversight into a major security breach.
View Video

How to Hack a Cloud: Insider Threat

Aug 14, 2025 By CyberArk In CyberArk
In this episode of How to Hack a Cloud: Insider Threat, discover how standing administrative access in AWS can be exploited by a disgruntled employee. Follow Michael Scott’s story as he misuses his S3 admin privileges to silently delete critical data, leaving the company blindsided. Learn how CyberArk Secure Cloud Access enforces Zero Standing Privileges, ensuring time-bound, need-based access to prevent such malicious activity—all while maintaining seamless workflows for legitimate tasks. See how this solution strengthens identity security across multi-cloud environments.
View Video

Secure Cloud Access - CyberArk MCP Server

Aug 14, 2025 By CyberArk In CyberArk
Take control of cloud access for AI-driven workflows without slowing down your team. CyberArk SCA MCP Server is the latest innovation in identity security, purpose-built for the age of agentic AI. Now available in the AWS Marketplace, CyberArk SCA MCP Server empowers developers and AI agents to securely request elevated access directly from their IDE while enforcing Zero Standing Privileges across multi-cloud environments.
View Video

EP 13 - Pizza parties and profit margins: The business of cybercrime

Aug 12, 2025 By CyberArk In CyberArk
Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.
View Video
cyberark

EP 13 - Pizza parties and profit margins: The business of cybercrime

Aug 12, 2025 By CyberArk In CyberArk
Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.
Read Post
cyberark

CIO POV: What am I actually supposed to do with agentic AI?

Aug 11, 2025 By Omer Grossman In CyberArk
For every enterprise CISO in the world right now, the burning question isn’t about cloud, TPRM, or internal threats. It’s about how to securely and responsibly adopt AI—specifically, agentic AI, the buzziest of today’s AI buzzwords. There’s no shortage of stats on skyrocketing adoption trends. Consider EY’s recent Technology Pulse Poll, which found that half of tech leaders have at least begun deploying agentic AI within their organizations.
Read Post
cyberark

'Plague' malware exploits Pluggable Authentication Module to breach Linux systems

Aug 7, 2025 By Malware Research Team In CyberArk
‘Plague’ represents a newly identified Linux backdoor that has quietly evaded detection by traditional antivirus solutions for over a year. Its primary mechanism involves operating as a malicious PAM, allowing attackers to silently bypass system authentication and establish persistent SSH access to compromised Linux systems.
Read Post
cyberark

CyberArk empowers Australia's cyber resilience with IRAP assessment completion at the protected level

Aug 7, 2025 By Rahul Dubey In CyberArk
As ransomware strains hospital operations and supply‑chain attacks target energy grids, Australia’s public and regulated sectors need proven cyber resilience. At the heart of most breaches lie human error and weak identity controls, making the Infosec Registered Assessors Program (IRAP) assessment program the gold standard for moving sensitive workloads to the cloud.
Read Post
cyberark

The life and death of an AI agent: Identity security lessons from the human experience

Aug 6, 2025 By Yuval Moss In CyberArk
AI agents are on the rise. They can spin up, act independently, use tools, and make decisions—often without real-time human oversight. They promise incredible productivity but also introduce new risks and challenges that can’t be ignored. As these agents become more autonomous and integrated into enterprise operations, they blur the lines between human and machine responsibilities. This raises critical questions: How do we ensure they act ethically?
Read Post
cyberark

CyberArk Secure Cloud Access achieves CSA STAR Level 1 certification

Aug 4, 2025 By Rahul Dubey In CyberArk
When you hand over the keys to your cloud, you’d better know who’s holding them—and for how long. In a world where speed is everything and complexity is the norm, organizations need more than visibility. They need assurance. That’s why we’re proud to share that CyberArk achieved CSA STAR Level 1 certification for its Secure Cloud Access (SCA) solution.
Read Post
cyberark

Container security at scale: Strengthening software supply chains

Aug 1, 2025 By Florin Lazurca In CyberArk
Modern applications have undergone a paradigm shift, with containers becoming the default choice for deployment. While their flexibility and scalability are well-recognized, their adoption has also surfaced new and complex security challenges. Organizations are now grappling with how to embed trust across their software supply chains, maintain compliance, and mitigate risks—especially as they increasingly incorporate open-source components and AI-generated code into their workflows.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.