Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

netwrix

How to Use Microsoft Copilot for Security: Complete eGuide to Generative AI for Cybersecurity

Mar 31, 2025 By Farrah Gamboa In Netwrix
In the constantly evolving world of cybersecurity, defense teams need all the resources they can get to keep up. Fortunately, the massive advances in generative AI present SOC teams with a powerful set of tools to optimize security practices and match even fully automated adversaries using natural language input. Microsoft Security Copilot is among the most advanced examples of these tools.
Read Post
armo

Enhancing Application Security with Container Runtime Security

Mar 31, 2025 By Oshrat Nir In ARMO
Containerization, a form of lightweight virtualization, lets applications inhabit their own self-contained environments. Each container packages everything an application needs to run – code, runtime, libraries – keeping it neatly separated from everything else. This isolation is a big deal because it means a problem in one container won’t bring down the whole environment.
Read Post

Ep 4: Naming and Shaming

Mar 31, 2025 By Rubrik In Rubrik
As Chinese hackers continue their raid of American companies, the threat reaches new levels of urgency, not so much for the sophistication of these hackers, but because of the sheer volume of attacks. And yet, victims continue to keep their breaches under wraps, and the government is hamstrung in what they can say because most everything they know about Chinese cyberespionage is classified.
View Video

Github Actions Supply Chain Attacks

Mar 31, 2025 By WatchGuard Technologies In WatchGuard
This week, we discuss a recent cascading supply chain attack involving multiple Github actions workflows that nearly succeeded in compromising a popular Coinbase application. Before that, we discuss a novel way to download malware onto an endpoint by abusing a web browser's caching feature. Additionally, we cover an FBI alert on file converter malware scams.
View Video
aikido

Launching Aikido Malware - Open Source Threat Feed

Mar 31, 2025 By Charlie Eriksen In Aikido
Our Aikido Intel team has been identifying undisclosed open-source vulnerabilities using LLM-driven analysis and human verification. Now, we’re expanding our supply chain security research to detect and track malware in open-source packages, cheaper, better, & faster than what exists today.
Read Post
aikido

Malware hiding in plain sight: Spying on North Korean Hackers

Mar 31, 2025 By Madeline Lawrence In Aikido
On March 13th 2025, our malware analysis engine alerted us to a potential malicious package that was added to NPM. First indications suggested this would be a clear-cut case, however, when we started peeling back the layers things weren’t quite as they seemed. Here is a story about how sophisticated nation state actors can hide malware within packages.
Read Post
indusface

CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

Mar 31, 2025 By Deepak Kumar Choudhary In Indusface
On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.
Read Post
tripwire

Federal Desktop Core Configuration (FDCC/USGCB) Compliance

Mar 31, 2025 By Katrina Thompson In Tripwire
Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista. FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under lingering FDCC compliance obligations.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.