Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security

If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked with a major enterprise customer, a global leader in healthcare technology, who experienced this firsthand.

Deep Active Browser-Based Crawling: A Must-Have in Determining External Exposure

The modern internet-facing attack surface is dynamic, JavaScript-driven, and deeply interconnected with third-party services and identity providers. Accurately securing this environment requires more than passive discovery or lightweight crawling—it requires deep, active crawling that fully simulates real-world browser behavior.

Your servers shouldn't need to know ACME

Certbot assumes every server that needs a certificate should also know how to request one, validate domain ownership, handle renewals, and manage failures. This makes sense with a handful of servers. One server, one cert, done. But infrastructures grow. Now you’ve got web farms sharing wildcards, load balancers, mail servers, VPN appliances. The “every server for itself” model doesn’t scale and isn’t sustainable. Even the Let’s Encrypt community knows it.

Secure AI with CrowdStrike: Real-World Stories of Protecting AI Workloads and Data

AI is reshaping business at machine speed. From automating claims to improving customer engagement, organizations are embedding AI into core workflows faster than most security teams can track. As AI systems expand, they introduce a new class of security considerations. AI no longer lives in a single layer of the stack. It runs on cloud infrastructure, processes sensitive data, and operates through a growing network of human and non-human identities.

What Can the Cybersecurity Industry Learn from Financial Market Signals

You know that feeling when your bank flags a fraudulent transaction before you even notice it? That's decades of sophisticated threat detection at work. Meanwhile, most companies don't discover data breaches until months after attackers have already stolen everything valuable. Financial markets and cybersecurity face identical challenges. Both fight invisible threats that evolve daily. Both need split-second responses to prevent catastrophic losses. Both get destroyed when they miss emerging attacks.

Commuserv IT Services Powering Hybrid Infrastructure and Digital Transformation

In today's fast-paced digital world, leveraging technology is crucial for success. For over two decades, Commuserv has been a trusted partner for businesses across Australia, helping them navigate the complexities of modern technology. We provide expert IT services designed to fuel your growth and push the boundaries of what's possible. Our authentic, transparent approach builds strong relationships, ensuring your IT infrastructure becomes a powerful asset that propels your organisation forward. We are committed to helping you thrive.

When Software Starts Making Decisions Without You

Picture waking up to find that software has already handled your most tedious work tasks while you slept. It responded to routine emails, scheduled meetings based on everyone's availability, compiled the weekly report, and flagged three issues that need your personal attention. This isn't a fantasy from a tech enthusiast's wishlist. Autonomous AI agents are already performing these functions for thousands of businesses, making decisions and taking actions with minimal human oversight.

Best ngrok Alternatives for Securely Exposing Localhost to the Internet

Exposing your localhost to the internet is convenient for webhook testing, client demos, and remote debugging. But every tunnel you create is a potential entry point into your development environment. This guide examines three localhost tunneling options through a security lens: LocalXpose, Serveo, and LocalTunnel. We'll cover what risks you're actually taking when you expose localhost and how to minimize them.

460 Day Code Signing Certificate Validity: A New Era of Trust and Automation

Code signing certificates moved from being stored as plain files to being stored on hardware such as USB tokens and HSMs. The shift was initiated by some industry giants and the CA/Browser Forum (CA/B Forum), and it led to stronger protection for private keys by ensuring that the certificates cannot easily be extracted or misused. Three years after that shift, another major change is coming.