Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

Detecting Identity Attacks at Scale with Herd Immunity

May 14, 2026 By Trevor Daher and Joshua Riccio In Arctic Wolf
Modern identity‑based attacks often rely on shared infrastructure and reusable attack frameworks, rather than bespoke tooling built for a single target. Phishing kits and phishing‑as‑a‑service (PhaaS) platforms are the clearest example of this model — and today they are the most prevalent sources of account compromise across organizations of all sizes. Device code phishing illustrates how quickly this model evolves.
Read Post
mend

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

May 14, 2026 By Maciej Mensfeld In Mend
On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by thousands of attacker-controlled accounts, forcing RubyGems to suspend new account registration entirely while the cleanup got underway.
Read Post
indusface

DDoS Protection for SaaS: Keeping Multi-Tenant Platforms Online

May 14, 2026 By Vinugayathri Chinnasamy In Indusface
SaaS companies face a 20% yearly likelihood of a significant DDoS attack, according to the Indusface State of Application Security H1 2025, underlining the risks to uninterrupted operations. Even brief downtime can have severe consequences. On average, a DDoS attack costs businesses$6,130 per minute in downtime losses. For SaaS platforms, one attack hits every tenant at once, multiplying the SLA breaches, churn risk, and reputational damage across the entire customer base simultaneously.
Read Post
indusface

13 Best DDoS Protection Software in the Market 2026

May 13, 2026 By Vivek Gopalan In Indusface
A DDoS attack costs businesses an average of $6,130 per minute. Beyond service disruption, these attacks often create operational pressure that exposes login systems, APIs, and payment workflows to additional threats such as credential stuffing and account takeover attempts while security teams work to restore availability.
Read Post

Session on How much of Mythos based attacks can you prevent using modern IDAM techniques?

May 13, 2026 By miniOrange In miniOrange
In this session at ETCISO IDAM Summit 2026, our Founder & CEO Mr. Anirban Mukherji discussed Identity Access Management (IAM), data protection challenges, and AI governance for modern organizations. He covers SSO, MFA, legacy system hurdles, DBT data flows, Shadow AI risks, and practical steps like patch automation, least privilege access, and AI agent controls. Drawing from the Abhimanyu Chakravyuh metaphor, he explains how strong IAM contains breaches. Learn about vendor sovereignty, geopolitical risks, and miniOrange's expertise in IAM, AI security, and privacy.
View Video
indusface

DDoS Protection for SMBs: Always-On Defense Without the Overhead

May 13, 2026 By Vinugayathri Chinnasamy In Indusface
SMBs absorbed approximately 894 million attacks in 2025, a 71% year-over-year increase — and DDoS drove 85% of that volume, nearly three times the enterprise rate. API DDoS on SMB platforms surged 1,122% in a single year, according to the Indusface State of Application Security 2026 report. With most SMB security operations run by teams of fewer than five people managing both infrastructure and security simultaneously, cybercriminals increasingly view smaller businesses as soft targets.
Read Post
indusface

DDoS Protection for Education: How Schools, Universities, and EdTech Stay Resilient

May 13, 2026 By Vinugayathri Chinnasamy In Indusface
Globally, schools and universities now face over 4,300 cyberattacks per week on average, marking a 40% year-over-year increase and making the education sector a prime target for disruptive DDoS attacks. Most educational institutions operate with lean IT teams responsible for infrastructure, user support, and security. This resource constraint makes it difficult to withstand prolonged or application-layer DDoS attacks that can quickly disrupt learning platforms and administrative systems.
Read Post
veracode

Mini Shai-Hulud: The Worm Turning CI/CD Into an Attack Surface

May 13, 2026 By Veracode Threat Research In Veracode
May 19, 2026 What the 2026 Verizon DBIR Reveals About the State of Application Security Read More Natalie Tischler May 14, 2026 How to Manage Risks Within Your Applications Read More Natalie Tischler May 12, 2026 AI Coding Tools Are Creating a Security Gap We Must Close Immediately Read More Natalie Tischler.
Read Post
sedara

Attackers Aren't Hacking In Anymore, They're Logging In

May 12, 2026 By Liz Sujka In Sedara
For years, cybersecurity strategy has been built around a simple idea: keep attackers out. Stronger perimeters. Better firewalls. More advanced endpoint protection. Smarter email filtering. But the latest insights from the Microsoft Digital Defense Report tell a very different story. Attackers aren’t breaking in. They’re logging in.
Read Post
fidelis security

How Fidelis Deception Helps Defend Against AI-Accelerated Intrusions

May 12, 2026 By Fidelis Security In Fidelis Security
AI-powered attackers are faster and more systematic than ever. But they still trust what they see. Deception technology controls what they see. 87% of security leaders say AI-related vulnerabilities grew faster than any other risk in 2025 44% year-over-year rise in exploitation of public-facing applications in 2025 300K+ AI platform credentials exposed via infostealer malware on dark web in 2025.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.