Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cyberark

Chasing digital ghosts across modern IGA environments

Jan 29, 2026 By Bruce Spooner In CyberArk
In Pac-Man, ghosts seem pretty easy to dodge. You’re clearing the maze, racking up points, three more pellets away from leveling up. Then, out of nowhere, they close in and cut off all hope of escape. Womp womp. Game over. In today’s enterprise environments, “ghost” or orphaned accounts represent a similar hidden risk. They appear low-impact, lingering in forgotten corners of the IT maze.
Read Post
cyberark

CVE-2025-60021 (CVSS 9.8): Command injection in Apache bRPC heap profiler

Jan 28, 2026 By Simcha Kosman In CyberArk
This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue in Apache bRPC’s /pprof/heap profiler endpoint, was identified during broader analysis of diagnostic and debugging surfaces in the framework. The issue was discovered using Vulnhalla, CyberArk Labs’ AI tool that assists in triaging CodeQL results using an LLM.
Read Post
cyberark

Are we trusting AI too much?

Jan 27, 2026 By David Higgins In CyberArk
Gone are the days when attackers had to break down doors. Now, they just log in with what look like legitimate credentials. This shift in tactics has been underway for a while, but the rapid adoption of artificial intelligence is adding a new layer of complexity. AI is a powerful tool, but our growing reliance on it comes with a catch: it’s eroding our critical thinking skills.
Read Post
cyberark

ServiceNow and CyberArk: New REST API integration for enhanced credential management

Jan 27, 2026 By Paul Cleary and Ram Devanathan In CyberArk
ServiceNow’s External Credential Storage and Management Application is designed to help organizations securely retrieve and manage credentials from external vaults during IT operations, like discovery and orchestration, without storing sensitive data in ServiceNow. This helps ensure compliance, reduces risk, and strengthens privileged access security across hybrid environments.
Read Post
cyberark

EP 24 - FOMO, identity, and the realities of AI at scale

Jan 27, 2026 By CyberArk In CyberArk
In this episode of Security Matters, host David Puner sits down with Ariel Pisetzky, chief information officer at CyberArk, for a candid look at the fast‑evolving intersection of AI, cybersecurity, and IT innovation. As organizations race to adopt AI, the fear of missing out is driving rapid decisions—often without enough consideration for identity, security, or long‑term impact.
Read Post

EP 24 - FOMO, identity, and the realities of AI at scale

Jan 27, 2026 By CyberArk In CyberArk
In this episode of Security Matters, host David Puner sits down with Ariel Pisetzky, chief information officer at CyberArk, for a candid look at the fast‑evolving intersection of AI, cybersecurity, and IT innovation. As organizations race to adopt AI, the fear of missing out is driving rapid decisions—often without enough consideration for identity, security, or long‑term impact. Ariel shares practical insights on what it really takes to secure AI at scale, from combating AI‑enabled phishing attacks to managing agent identities and reducing growing risks in the software supply chain.
View Video

Automating User Access Reviews: How IGA Delivers Real Business Value

Jan 23, 2026 By CyberArk In CyberArk
Still managing user access reviews manually? You’re not alone — and it’s costing you. This teaser highlights how automated User Access Reviews (UARs can reduce effort, improve audit readiness, and deliver real business value. In the full webinar, CyberArk experts share real-world examples, ROI insights, and how automation can cut review effort by up to 80%. Watch the full webinar on our website to learn how automated IGA transforms access reviews from a burden into a business advantage.
View Video
cyberark

The hidden cost of PKI: Why certificate failures aren't just an IT problem

Jan 21, 2026 By Kevin Bocek In CyberArk
For years, businesses have treated public key infrastructure (PKI) as background plumbing, quietly securing access across enterprise systems and devices, and rarely drawing executive attention unless something failed. New research from the Ponemon Institute suggests that those assumptions no longer hold.
Read Post
cyberark

CyberArk named overall leader in 2025 KuppingerCole ITDR Leadership Compass

Jan 20, 2026 By Yev Koup In CyberArk
KuppingerCole has recognized CyberArk identity threat detection and response (ITDR) as a leader across all categories: overall, product, innovation, and market in its 2025 KuppingerCole Leadership Compass for Identity Threat Detection & Response.
Read Post
cyberark

How the future of privilege is reshaping compliance

Jan 20, 2026 By Yaarit Natan In CyberArk
If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how privileged access is controlled and proven. Regulatory requirements are multiplying, audit cycles are tightening, and the definition of privileged access has quietly expanded beyond people to workloads, automation, and AI-driven systems.
Read Post

Elevating Access Reviews to Be a Business Enabler

Jan 19, 2026 By CyberArk In CyberArk
Is your organization treating access reviews as a checkbox exercise — or a business enabler? In the full video, CyberArk’s Deepak Taneja explains why access reviews are becoming a critical pillar of identity security and zero trust — and how automation is reshaping their value across the business. Watch the full interview to learn why a compliance-only mindset creates risk, how organizations are modernizing access reviews, and what it takes to shift from audit task to strategic advantage.
View Video
cyberark

What's shaping the AI agent security market in 2026

Jan 16, 2026 By Shay Saffer In CyberArk
For the past two years, AI agents have dominated boardroom conversations, product roadmaps, and investor decks. Companies made bold promises, tested early prototypes, and poured resources into innovation, with analysts projecting an economic impact of $2.6 trillion to $4.4 trillion. As 2026 begins, the experimentation phase ends and the production era starts as organizations roll out AI agents at scale across their enterprises.
Read Post
cyberark

UNO reverse card: stealing cookies from cookie stealers

Jan 15, 2026 By Ari Novick In CyberArk
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be highly exploitable. StealC is an infostealer malware that has been circulating since early 2023, sold under a Malware-as-a-Service (MaaS) model and marketed to threat actors seeking to steal cookies, passwords, and other sensitive data from infected computers.
Read Post
cyberark

Beneath the AI iceberg: The forces reshaping work and security

Jan 14, 2026 By Omer Grossman In CyberArk
In conversations about AI, there’s a tendency to treat the future like a horizon we’re walking toward, always somewhere ahead, always a question of when. But if we look closely, the forces reshaping work, identity, and security beneath the surface are far more consequential than most people realize. More importantly, that reshaping is already happening.
Read Post

EP 23 - Red teaming AI governance: catching model risk early

Jan 14, 2026 By CyberArk In CyberArk
AI systems are moving fast, sometimes faster than the guardrails meant to contain them. In this episode of Security Matters, host David Puner digs into the hidden risks inside modern AI models with Pamela K. Isom, exploring the governance gaps that allow agents to make decisions, recommendations, and even commitments far beyond their intended authority.
View Video
cyberark

EP 23 - Red teaming AI governance: catching model risk early

Jan 14, 2026 By CyberArk In CyberArk
AI systems are moving fast, sometimes faster than the guardrails meant to contain them. In this episode of Security Matters, host David Puner digs into the hidden risks inside modern AI models with Pamela K. Isom, exploring the governance gaps that allow agents to make decisions, recommendations, and even commitments far beyond their intended authority. Isom, former director of AI and technology at the U.S.
Read Post
cyberark

Inside CyberArk Labs: the evolving risks in AI, browsers and OAuth

Jan 8, 2026 By Andy Thompson In CyberArk
In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make them even more dangerous. Last year proved that every leap forward in technology brings new risks right alongside the rewards. At CyberArk Labs, our mission is to uncover hidden vulnerabilities and provide actionable insights that help organizations fortify their defenses.
Read Post
cyberark

Will AI agents 'get real' in 2026?

Jan 6, 2026 By Kaitlin Harvey In CyberArk
In my house, we consume a lot of AI research. We also watch a lot—probably too much—TV. Late in 2025, those worlds collided when the AI giant Anthropic was featured on “60 Minutes.” My husband tried to scroll past it, but I snatched the controller away, unable to resist a headline calling out the first widely acknowledged case of an “agentic AI cyberattack.” The framing itself was irresistible, a milestone moment in the rapid acceleration of AI.
Read Post

Tame the Vault Sprawl: Bring All Your Secrets Under Control in 60 Seconds

Jan 6, 2026 By CyberArk In CyberArk
This 60-second video highlights the growing challenge of secret sprawl—developer-created vaults, duplicate credentials, and inconsistent security policies scattered across cloud environments. It shows how this fragmentation increases risk, complicates compliance, and opens the door to breaches. The video introduces CyberArk Secrets Hub as the solution: a centralized, policy-driven platform that unifies visibility, enforces standards, automates rotation, and preserves existing cloud-native and HashiCorp workflows. The result? Simplified oversight, stronger security, and audit-ready operations.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.