
Data Leakage: AI's Plumbing Problem

Sensitive information disclosure ranks on the OWASP Top 10 for LLM Applications, and for good reason. When AI-powered applications inadvertently expose private data like personally identifiable information (PII), financial records, health information, API keys, or proprietary business intelligence, the consequences cascade quickly: regulatory violations, competitive disadvantage, and shattered user trust.

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.

When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR

Let’s face it: humans are creatures of habit, and nothing rattles us quite like the prospect of change. (Just ask anyone who’s dared to swap out the office coffee brand—revolutions have started over less.) According to SHRM's research on change fatigue, today’s relentless pace of disruption is exhausting employees faster than a budget ergonomic chair. But here’s where it gets fascinating—where security, HR, and fraud analysis converge in ways you might not expect.

Why Choose Active Directory Management Over Manual Scripts

A mid-sized company once tried to handle all its AD updates with a set of PowerShell scripts. Things worked fine while the user count was small, but trouble showed up once they crossed a thousand accounts. A script missed a group update, a disabled user stayed active for two extra days, and a bulk change took almost an entire afternoon to fix. None of this was a technical failure. It was the natural limit of manual scripting.

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem

For centuries, threat actors, both cyber and physical, have understood the benefits of using extortion to further their criminal activities. This has led some cyber threat groups to create Extortion-as-a-Service (EaaS) businesses. These are a formalized way for cybercriminals to offer extortion services to others for a fee or profit share. And, as we shall see, it is just one of many newer -as-a-service models that threat actors are applying.

Risk, Reward, and Reality: How to Decide the Right Amount to Invest in Crypto

Entering the world of crypto can feel exhilarating. Stories of rapid gains and high-profile success can make even cautious investors consider dipping their toes into digital assets. Yet, alongside the potential for reward comes significant risk. Understanding how much to invest in crypto is less about chasing opportunity and more about aligning investments with your financial reality, goals, and tolerance for volatility.

The Security Blind Spots Most Operators Miss - According to Igor Finkelshtein

In the cybersecurity world, it's easy to focus on the latest breach or high-profile vulnerability. But according to multi-industry operator Igor Finkelshtein, most security incidents don't begin with sophisticated attacks - they begin with overlooked operational weaknesses. From transportation to real estate to SaaS platforms, Finkelshtein's experience shows that cybersecurity is ultimately an operational discipline. The vulnerabilities that quietly accumulate inside a business often pose a greater risk than anything happening outside it.

Better Together: Apono and 1Password Join Forces to Deliver Secure, Just-in-Time Access to Secrets

We’re excited to announce Apono’s integration with 1Password to help organizations control, automate, and audit access to sensitive credentials and secrets, bringing stronger security and smoother operations to teams everywhere. This new integration enables customers to enforce Zero Standing Privileges (ZSP) and provision Just-in-Time (JIT) and just-enough access (JEA) to secrets stored in 1Password Enterprise Password Manager through Apono’s automated access flows.