Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Data Security including privacy, protection, and encryption.

Your SaaS Integrations are Leaking Sensitive Data - Salesloft /Salesforce incident #aws #apisecurity

Dec 2, 2025 By Wallarm In Wallarm
The Salesloft/Salesforce incident revealed the danger of BLA 5: Artifact Lifetime Exploitation. The flaw is simple: the application fails to expire tokens and sessions properly. Stolen OAuth tokens that should have been short-lived were used to steal AWS keys, Snowflake tokens, and passwords. Key Takeaway: If an artifact is meant to be short-lived (a token, a session, a temporary file), it must be retired immediately upon expiration. Rotate your keys aggressively!
View Video
Remote Work Security Mistakes That Put Your Data at Risk Today

Remote Work Security Mistakes That Put Your Data at Risk Today

Dec 2, 2025 By SecuritySenses In SecuritySenses
The number of employees working at least one day outside the office has grown fivefold since 2019, making remote work security a critical concern for 42% of the workforce. Many organizations remain vulnerable to security threats despite this rapid change. Recent data shows that 57% of IT leaders worry that their remote workers could expose their organizations to data breaches.
Read Post
Cybersecurity in Healthcare: Protecting Patient Data in the Age of AI, IoMT, and Ransomware

Cybersecurity in Healthcare: Protecting Patient Data in the Age of AI, IoMT, and Ransomware

Nov 28, 2025 By SecuritySenses In SecuritySenses
Over the past decade, the global healthcare sector has undergone a sweeping digital transformation. Electronic Health Records (EHRs) moved to the cloud, hospitals adopted remote telemetry systems, pharmacies automated workflows, and AI-powered diagnostics entered day-to-day clinical practice. The result is a faster, more connected, and more data-rich healthcare ecosystem. But this connectivity has a cost.
Read Post
nightfall

Why Reg S-P Compliance Is Becoming a Critical Risk for Financial Firms - and How Nightfall Can Help

Nov 26, 2025 By Chris Martinez In Nightfall
In finance, protecting customer data isn’t just good practice. It’s a regulatory mandate. The SEC’s Regulation S-P (Privacy of Consumer Financial Information) requires financial firms to guard against unauthorized access, maintain robust data-disposal practices, and have a formal incident response program. As the threat landscape has evolved, so has the regulation. This all means one thing: complacency is no longer an option.
Read Post
archTIS

Maximizing Microsoft Sensitivity Labels in Purview, SharePoint and other Microsoft 365 apps

Nov 24, 2025 By Rod Bernabe In archTIS
Data governance and protection are crucial in safeguarding sensitive information. Proper classification and data labeling are essential to ensure that the right people access the right information. Failure to implement these practices can result in data breaches, financial losses, and reputational harm. To help with this, Microsoft offers sensitivity labels that classify and protect data as part of the compliance and security capabilities of Microsoft Purview Information Protection in Microsoft 365.
Read Post
Enhancing Protection with Data Security Posture Management Tools

Enhancing Protection with Data Security Posture Management Tools

Nov 22, 2025 By SecuritySenses In SecuritySenses
In the digital age, businesses face increasing pressures to safeguard their sensitive information. Leveraging effective data security posture management tools is crucial for mitigating risks and enhancing the overall security framework of an organisation.
Read Post
archTIS

CMMC and CUI Compliance Glossary: Key Terms and Phrases

Nov 21, 2025 By Irena Mroz In archTIS
Starting November 10, Phase 1 of the US Department of Defense’s CMMC 2.0 program went into effect, marking the start of a phased three-year rollout. Phase 1 begins with Level 1 and 2 self-assessments and culminates with the full implementation of program requirements in Phase 4. Organizations that fail to demonstrate compliance will not be eligible to bid on U.S. Defense contracts.
Read Post
nightfall

Shadow AI: From Hidden Threat to Organizational Challenge

Nov 21, 2025 By Chris Martinez In Nightfall
This blog post is adapted from a recent episode of The Cloudcast podcast featuring Rohan Sathe, CEO and co-founder of Nightfall AI. Listen to the full conversation here. Your employees are uploading company documents to ChatGPT. Your healthcare teams are transcribing sensitive call recordings and feeding them into LLMs. Your finance department is pasting confidential spreadsheets into publicly accessible AI tools. And unless you have visibility into these workflows, you have no idea it's happening.
Read Post
Why Removing Document Metadata Matters

Why Removing Document Metadata Matters

Nov 20, 2025 By SecuritySenses In SecuritySenses
Most people consider a document only as words, numbers, and images that are presented on their screen. They think that when they export a file to PDF or attach it to an email, what is visible is all that exists. However, digital documents have a lot more information beneath the surface that are not visible to the casual eye but can be easily accessed by anyone who knows how to find them. The hidden layer of a document is called metadata, and it is much more important in data security than a lot of organizations acknowledging.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.