Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend
AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.
View Video

SaaS intrusion trends and logging visibility with Julie Agnes Sparks

Nov 6, 2025 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as we explore the critical challenges of SaaS security logging and detection engineering with Julie Agnes Sparks, Security Engineer at Datadog. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video

It's time to rethink shadow AI.

Nov 6, 2025 By UpGuard In UpGuard
It's time to rethink shadow AI. We've been told it's a fringe activity. A risk from rogue employees. Our new research proves that wrong. This is, ironically, no longer a "shadow" problem. It's a universal workflow hiding in plain sight. The question is no longer "how do we stop it?" It's "how do we manage it?" Our new report lands next week with the date you need to start answering that important question.
View Video
foresiet

APT-C-60 Exploits Zero-Day Vulnerabilities: Inside the SpyGlace Loader, COM Hijacking, and C2 Infrastructure

Nov 6, 2025 By Foresiet In Foresiet
The cyber espionage landscape continues to evolve in sophistication and stealth—and among the more notable actors is APT-C-60. In recent months, this adversary has significantly escalated its tactics by leveraging zero-day vulnerabilities and orchestrating multi-stage campaigns to deploy the SpyGlace back-door.
Read Post
knowbe4

Microsoft Help Desk Phishing Attempt

Nov 6, 2025 By Roger Grimes In KnowBe4
I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my! Not only is Microsoft holding five emails headed to me, but my “subscription” is expiring on the same day. The “Unsubscribe” link was just a graphic, no URL. The URL to the main button, “Review All Held Messages results” was linked to the following path (shown below): That is clearly not Microsoft or microsoft.com.
Read Post
knowbe4

LastPass Phishing Campaign Informs Users of Phony Death Notifications

Nov 6, 2025 By KnowBe4 Team In KnowBe4
A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their account. The emails have the subject line, “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED).” LastPass describes the following attack flow: Notably, the attackers are also calling recipients of the emails and posing as LastPass representatives, adding another layer of legitimacy to the campaign.
Read Post
bitsight

3 Truths About the Financial Sector's Digital Supply Chain Uncovered by Bitsight TRACE

Nov 6, 2025 By Joe Lyons In BitSight
When it comes to managing cyber risk, the financial sector is squarely at the top of the food chain. It’s simple economics (and the plot of many movies): financial institutions have the money, and cybercriminals are always looking for ways to take it. As a result, institutions have invested heavily in strengthening their internal systems and cybersecurity controls. Those investments have paid off.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.