Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

When Your Friend's House Burns Down Twice: The Trivy Supply Chain Attacks Explained

Mar 23, 2026 By Ben Hirschberg In ARMO
We’ve been going back and forth on whether to publish this post. As the maintainers of Kubescape, a fellow CNCF open-source security project, we feel the weight of what happened to Trivy not as distant observers, but as people who see their successes and failures as our own. The Trivy maintainers are our friends. We share the same CNCF community, attend the same KubeCon-s, and fight the same fights (and share the same flights ).
Read Post
certkit

Certificate distribution is the last mile nobody solved

Mar 23, 2026 By Todd H. Gardner In CertKit
Certbot is good software in the classic Linux tradition: it does one thing simply and expects you to chain it together with everything else. One server, one certificate, done. The trouble is that most environments are not simple. And the moment yours isn’t, you discover that renewing a certificate and getting it deployed are two different problems, and deployment is your problem.
Read Post
mend

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

Mar 21, 2026 By Tom Abai In Mend
On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this incident as MSC-2026-3271.
Read Post
teleport

The Complicating Factors of Deploying MCP in the Enterprise

Mar 20, 2026 By Boris Kurktchiev In Teleport
Boris Kurktchiev is a Field CTO at Teleport, known for his expertise in Zero-Trust identity solutions for cloud and AI, and for his contributions to the CNCF's Cloud Native AI working group. Doyensec dropped a piece last week called The MCP AuthN/Z Nightmare, and I think anyone deploying MCP in production needs to read it.
Read Post
mend

Moonshot AI governance breakdown: Lessons from the Cursor/Kimi K2.5 incident

Mar 20, 2026 By Tiffany Jennings In Mend
What happens when a $29 billion company forgets to rename a model ID, and what it means for every organization using open-source AI. On March 19, 2025, Cursor, the AI-powered coding tool valued at $29 billion and generating an estimated $2 billion in annual recurring revenue, launched Composer 2, its newest and most powerful coding model.
Read Post

Server Hardening Tools Explained: Tools, Strategies & Best Practices in 2025 | CalCom Webinar

Mar 19, 2026 By CalCom Software In CalCom
Baseline server hardening is evolving rapidly. In this webinar, we break down the latest trends in server hardening and tools for 2025. Key Topics Covered Learn how CalCom Hardening Automation Suite (CHS) simplifies the process and saves IT teams hours of manual work.
View Video
The Digital Homestead: A Guide to Navigating the World of Virtual Private Servers

The Digital Homestead: A Guide to Navigating the World of Virtual Private Servers

Mar 19, 2026 By SecuritySenses In SecuritySenses
Imagine you've finally decided to move out of your crowded family home. You're tired of sharing the kitchen and waiting for the shower, but you aren't quite ready to buy a massive mansion with a ten-car garage. You find the perfect middle ground: a modern, sleek apartment in a high-rise. You have your own front door, your own kitchen, and total privacy, even though you share the building's foundation and plumbing with neighbors. This is exactly what happens when you decide to rent a virtual server.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.