Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile

Jan 30, 2026 By Andres Ramos In Arctic Wolf
On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, impact the In-House Application Distribution and Android File Transfer Configuration features and allow unauthenticated remote threat actors to achieve remote code execution.
Read Post
safeaeon

What Is Managed ITDR and How MSPs Use It for Identity Threat Detection

Jan 30, 2026 By SafeAeon Inc. In SafeAeon
There are numerous ways of carrying out cyberattacks. Identity is now one of the most common ways attackers gain access to systems. Instead of malware or exploits, attackers rely on stolen credentials or reused passwords. They abuse permissions to carry out sophisticated attacks that appear normal on the surface. Basic monitoring tools cannot detect these attacks. Identity misuse is becoming more common. Many organizations now work across cloud services and remote access.
Read Post
gitguardian

Agentic AI and NonHuman Identities Demand a Paradigm Shift In Security: Lessons from NHIcon 2026

Jan 30, 2026 By Dwayne McDaniel In GitGuardian
In the race to innovate, software has repeatedly reinvented how we define identity, trust, and access. In the 1990's, the web made every server a perimeter. In the 2010's, the cloud made every identity a workload. Here in 2026, agentic AI makes every action autonomous.
Read Post
levelblue

LevelBlue and Fortra Partner to Deliver Next-Generation Managed Detection and Response

Jan 30, 2026 By LevelBlue In LevelBlue
To counter sophisticated modern threats, LevelBlue is partnering with Fortra to integrate Fortra’s best-in-class solutions with LevelBlue’s elite managed services, delivering a comprehensive security offering. As part of this long-term partnership, LevelBlue will acquire the managed services of Fortra’s Alert Logic Managed Detection and Response (MDR), Extended Detection and Response (XDR), and Web Application Firewall (WAF) solutions.
Read Post
1Password

Security advisory for AI-assisted browsing interactions with the 1Password browser extension

Jan 30, 2026 By Andrew Hall and Drew Sen In 1Password
This advisory describes an ecosystem-level risk that emerges when AI agents are able to autonomously read and act on untrusted content while operating with user-level permissions in a web browser.
Read Post
trilio

Failover Testing: A Complete Guide for IT Teams

Jan 30, 2026 By Kevin Jackson In Trilio
Your disaster recovery plan might look bulletproof on paper, but there’s only one way to know if it works: Test it. Failover testing validates whether your backup systems can actually handle the load when production goes down. Most IT teams find gaps during their first test, like misconfigured settings, outdated documentation, or dependencies that nobody remembered to document.
Read Post
CrowdStrike

How Agentic Tool Chain Attacks Threaten AI Agent Security

Jan 30, 2026 By Vanessa Villa In CrowdStrike
AI agents are rapidly transforming enterprise operations. Unlike traditional software that follows fixed code paths, AI agents interpret prompts, form plans, select tools, and react to results in a continuous loop. At the heart of this capability is the agent's ability to actively select and execute capabilities based on natural language descriptions, schemas, and examples.
Read Post
nightfall

How to Build Custom Data Detectors Without Regex: DLP for Context-Aware Detection

Jan 30, 2026 By Chris Martinez In Nightfall
DLP systems have traditionally relied on regex pattern matching to identify sensitive information. While regex excels at finding patterns, it fundamentally can’t understand context. It’s a massive limitation that forces security teams into endless cycles of tuning expressions and triaging false positives. Nightfall AI built prompt-based entity detection to solve this problem.
Read Post
vanta

The best ISO 27001 compliance software for 2026

Jan 30, 2026 By Vanta In Vanta
For lean teams, ISO 27001 can feel like a lot to take on. You’re expected to set up a formal security program, assess risks, write and maintain a long list of policies, and have audit-ready proof on hand—often without a large security or compliance headcount. ‍ On top of that, manual work and outside consultants can get expensive fast, pulling founders, engineers, and operators away from building the product and growing the business.
Read Post
Why Performance-Based Questions Are the Real Security+ Challenge (and How to Beat Them)

Why Performance-Based Questions Are the Real Security+ Challenge (and How to Beat Them)

Jan 30, 2026 By SecuritySenses In SecuritySenses
If you've passed a multiple-choice certification exam before, you might assume the CompTIA Security+ will be more of the same. You read the question, eliminate two obviously wrong answers, pick the best remaining option, and move on. Then you hit your first performance-based question. Suddenly you're staring at a simulated firewall interface, asked to configure ACL rules for a production web server. There's no A, B, C, or D. Just a blinking cursor and a timer counting down. This is where most Security+ candidates panic, and it's exactly why PBQs exist.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.