Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

vanta

ISO 27001 and NIS 2: Key differences explained

Apr 10, 2025 By Vanta In Vanta
ISO 27001 is a globally recognized standard for building robust information security management systems (ISMS). The standard is closely aligned with NIS 2—a mandatory EU directive designed to fortify the cybersecurity posture of critical infrastructure among Member States. ‍ These two frameworks form a unique symbiotic relationship due to the potential overlap in the requirements and controls.
Read Post
Trustwave

Tycoon2FA New Evasion Technique for 2025

Apr 10, 2025 By Phil Hay, Rodel Mendrez In Trustwave
The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas, invisible Unicode characters in obfuscated JavaScript, and anti-debugging scripts to thwart inspection. This blog takes a closer look at these methods to better understand how this kit is evolving and what defenders should be aware of.
Read Post
aikido

The malware dating guide: Understanding the types of malware on NPM

Apr 10, 2025 By Madeline Lawrence In Aikido
The Node ecosystem is built on a foundation of trust — trust that the packages you npm install are doing what they say they do. But that trust is often misplaced. Over the past year, we’ve seen a disturbing trend: a rising number of malicious packages published to npm, often hiding in plain sight. Some are crude proof-of-concepts (PoCs) by researchers, others are carefully crafted backdoors.
Read Post

Keeper 101 - Secure File Storage and Sharing

Apr 10, 2025 By Keeper Security In Keeper
One of the core use cases of the Keeper platform is the capability to encrypt and protect confidential documents, photos and videos with end-to-end encryption. Files that are stored in the Keeper Vault are encrypted with zero knowledge AES 256 encryption, which means only the user has the ability to access their stored files. These files can also be shared with others, which are end-to-end encrypted from vault to vault using Elliptic Curve cryptography.
View Video

A Buyer's Journey for API Security

Apr 10, 2025 By Wallarm In Wallarm
Join us for a webinar that explores the challenges of securing APIs, which are increasingly critical to modern organizations. We will discuss the key issues facing API driven companies today, including hidden APIs and sophisticated attacks that can disrupt operations. We'll examine real-world examples of API vulnerabilities and the solutions to address them. We'll cover the essential criteria for selecting an API security product that fits your organization's needs.
View Video

Why WAFs and API Gateways Can't Stop API Attacks #APIsecurity #Cybersecurity #APIGateway

Apr 10, 2025 By Wallarm In Wallarm
You may have a WAF or an API Gateway in place — but your APIs are still vulnerable. Traditional tools weren’t built to detect or block API-specific threats in real time. Wallarm explains why modern API protection requires more than legacy security tools.
View Video
knowbe4

Shadow AI: A New Insider Risk for Cybersecurity Teams to Tackle Now

Apr 10, 2025 By James McQuiggan In KnowBe4
Disclaimer: Don't get me wrong, I love using generative AI daily for research and writing. This is about how other users could be using it when they don't know what they don't know and are accidental in their actions to hurt the organization where they work. Shadow IT has always lived in the background of organizations' environments with unapproved apps, rogue cloud services, and forgotten BYOD systems. Like all technology, the Shadow IT ecology is evolving.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.