Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

reflectiz

New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization

Jan 21, 2026 By Reflectiz
Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in clientside risk across global websites, driven primarily by thirdparty applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of thirdparty applications now access sensitive data without legitimate business justification, up from 51% last year - a 25% yearoveryear spike highlighting a widening governance gap.
Read Post
miniorange

11 Best Identity and Access Management (IAM) Tools in 2026

Jan 21, 2026 By Vipika Kotangale In miniOrange
As organizations scale across cloud, hybrid, and remote-first environments, identity has become the most critical security layer. Traditional perimeter-based security models are no longer effective against modern threats such as credential theft, phishing attacks, insider risks, and unauthorized access to SaaS applications. This shift has made Identity and Access Management (IAM) a foundational requirement for enterprises of all sizes.
Read Post
certkit

Certificate permissions with CertKit Applications

Jan 21, 2026 By Todd H. Gardner In CertKit
When you’re managing a handful of certificates, one big list works fine. Add a few dozen more and things get messy. Add multiple teams or projects and you’ve got a problem. Who should have access to the production certificates? What about staging? Does the contractor working on the marketing site really need to see your internal infrastructure? CertKit now supports multiple applications from our roadmap to help you sort this out.
Read Post
miniorange

How to Hide Prices on Shopify

Jan 21, 2026 By Saloni Walimbe In miniOrange
Pricing transparency works well for many direct-to-consumer stores, but for a growing number of Shopify merchants, especially those operating B2B, wholesale, or inclusive business models, displaying prices publicly can create more friction than value. This is where the need to hide prices on Shopify becomes a strategic and operational decision rather than just a cosmetic one. Shopify does not provide a native setting to control price visibility.
Read Post
astra

Guide on Securing Azure Blob Storage: Best Practices and Key Features

Jan 21, 2026 By Jinson Varghese In Astra
Azure Blob Storage is an object storage solution. It stores massive amounts of unstructured data, such as text files, images, videos, etc. It supports large-scale data for applications such as backup, data lakes, and media serving. Specifically, Azure Blob Storage security prevents unauthorized access, data leakage, and potential breaches.
Read Post
Arctic Wolf

Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts

Jan 21, 2026 By Arctic Wolf Labs In Arctic Wolf
Starting on January 15, 2026, Arctic Wolf began observing a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. This activity involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations.
Read Post
sentrium

Duo Certificate Authority (CA) bundle update: Important changes coming February 2026

Jan 21, 2026 By James Drew In Sentrium
As technology evolves, so do the security foundations that underpin the systems we rely on every day. One such foundational change is coming soon from Cisco Duo, the widely‑used multi‑factor authentication (MFA) platform that many organisations deploy to secure access to critical systems. Although this change isn’t a vulnerability in the traditional sense, it could impact the availability of Duo authentication services for outdated software and integrations.
Read Post
foresiet

The Comprehensive Guide to Brand Protection in 2026

Jan 21, 2026 By foresiet In Foresiet
Let’s be honest: in 2026, the traditional “firewall” is a bit of a relic. Having spent years analyzing how threat actors operate, I can tell you they aren’t banging on your front door anymore. Why would they? It’s much easier to build a pixel-perfect replica of your front door down the street and trick your customers into handing over their keys there.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.