Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

EP 21 - When attackers log in: Pausing for perspective in the age of instant answers

Dec 16, 2025 By CyberArk In CyberArk
In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk’s Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today’s attackers aren’t breaking in—they’re logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.
View Video

Are LLMs becoming messengers for attackers? #ai #cybersecurity

Dec 16, 2025 By LimaCharlie In LimaCharlie
AI assistants with broad enterprise access are creating a new attack vector. Chris Luft and Matt Bromiley discuss the Gemini Jack vulnerability, where attackers used prompt injection to turn Google's AI assistant into an unwitting accomplice in data exfiltration. The attack embedded hidden instructions in documents or emails. When employees asked Gemini normal questions like "show me our budgets," the AI retrieved the poisoned document and executed the attacker's commands without anyone clicking anything.
View Video

If You Can't Block It, You Don't Secure It. #mitigation #cyberdefense #apisecurity #blocking

Dec 16, 2025 By Wallarm In Wallarm
Detection is information; Blocking is mitigation. For Business Logic Abuse, simple detection alerts are not enough. Your tools must be able to actively block those manipulative, stateful attacks in real-time. Furthermore: Stop "one-and-done" security testing! You must continuously tune your testing by adopting an adversary's perspective. Tune your defense as constantly as attackers tune their exploits.
View Video
egnyte

Building an Intelligent and Autonomous Search Agent at Egnyte

Dec 16, 2025 By Sameer Rastogi In Egnyte
Finding the right information quickly is a necessity for our customers—they rely on Egnyte to manage 100s of petabytes of data, from financial reports and legal contracts to marketing assets and engineering plans. Until now, we provided this capability through a powerful search engine equipped with keyword matching, boolean operators, and UI-based filters. But, as the volume and complexity of data grow, traditional search becomes a frustrating exercise in guesswork.
Read Post

Misconfigurations Are Still Owning Security Teams

Dec 16, 2025 By Reach Security In Reach Security
Garrett Hamilton sat down with Todd Graham, Managing Partner at Microsoft’s venture fund, M12, to talk about why M12 invested in Reach and why our mission was a no-brainer for him. Nation-state attacks make the headlines—but most people are getting owned by misconfigured servers, networks, and controls hiding in plain sight. Turns out the problem isn’t what teams don’t own. It’s what they do own that isn’t, in most cases, even turned on.
View Video

Why "We Thought It Was On" Keeps Leading to Breaches

Dec 16, 2025 By Reach Security In Reach Security
At UC Irvine’s Digital Leadership Agenda 2026, moderated by Nicole Perlroth, Garrett Hamilton illustrates what those blind spots can look like: “We believed it was deployed.”“It was turned on.”“It should have stopped this.” Except one exception, one policy gap, one control not applied at scale — and assumptions replace reality. The real problem isn’t visibility. It’s continuously validating intent against execution.
View Video
foresiet

The New Mandate: CISA CPG 2.0 and the Evolution of Critical Infrastructure Security

Dec 16, 2025 By Foresiet In Foresiet
The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.
Read Post
Tines

5 reasons patch management stalls and what modern IT teams can do to fix it

Dec 16, 2025 By Megan Elsayed In Tines
Patch management is one of those responsibilities everyone agrees is essential, yet very few teams feel confident about. The organizations I speak with every week are not struggling because they lack urgency or awareness. They are struggling because the environment around patching has changed dramatically.
Read Post
sumologic

Platform enhancements strengthening security across every child org

Dec 16, 2025 By Margaret Selid In Sumo Logic
Multi-org environments introduce complexity that most tools simply weren’t built for. Analysts are often forced to jump between different orgs, duplicate configuration work, and maintain parallel dashboards, alerts, and content–inefficiencies that increase risk, overhead, and time-to-response. Every minute spent managing infrastructure is one you’re not spending serving your clients or responding to threats.
Read Post
sumologic

Questions to ask before vetting an AI agent for your SOC

Dec 16, 2025 By Margaret Selid In Sumo Logic
So you’re ready to “hire” an agent or two for security operations. While AI agents won’t replace your human analysts, they are quickly becoming indispensable team members. Choosing the right ones should resemble a typical hiring process: you need to determine if they possess the necessary skills to fill your team’s gaps, work effectively with others, and grow with your organization. Here are five questions worth asking before you bring an AI agent on board in your SOC.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.