Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cyberark

Identity security: The essential foundation for every CISO's 2026 cybersecurity strategy

Dec 16, 2025 By Omer Grossman In CyberArk
When I first joined CyberArk, it wasn’t just about the company or the technology, but a belief. A belief that identity security is the foundation of cybersecurity. Identity security is the unifying thread that ties together risk management, resilience, and trust in an era where identity—human, AI, and machine—has become the true perimeter of the enterprise. Every day, I see how this conviction plays out across industries and organizations.
Read Post
mend

NPM User Flooding Registry with Fake Font Packages

Dec 16, 2025 By Tom Abai In Mend
During routine monitoring of NPM registry activity, we identified a suspicious pattern involving user sdjkals who has published 10 packages containing what appear to be WOFF2 font files. Initial analysis reveals these are not legitimate font assets. The packages are scoped under @sdjkals/* with version numbers reaching 1.0.1594 and 1.0.1912, indicating extremely rapid republishing cycles, new versions are being pushed every few minutes.
Read Post
safeaeon

How the Social Engineering Toolkit Helps Red Teams

Dec 16, 2025 By SafeAeon Inc. In SafeAeon
The Social Engineering Toolkit, or SET, is a tool that security teams use to copy the tricks that attackers use. It helps them see how well a company reacts when a message or link does not look legitimate. It can also test how people respond when they land on a copied website. Most guides cover only basic SET features. This blog explains how experts use SET in real tests and how defenders notice SET activity before harm occurs.
Read Post

FAIK Everything: The Deepfake Training Playbook

Dec 16, 2025 By KnowBe4 | Human Risk Management In KnowBe4
Learn how to understand, combat, and even create synthetic media in this essential deepfake training session with Perry Carpenter, KnowBe4's Chief Human Risk Management Strategist. Deepfakes and synthetic media are no longer futuristic threats—they are here now, and organizations are already experiencing deepfake-related attacks. A May 2024 study showed that 25.9% of organizations have experienced deepfake-related attacks, with other indicators suggesting the number may be closer to 90%. It is high time to prepare people to deal with this evolving threat.
View Video
teleport

Secure AI Agent Infrastructure with Zero-Code MCP

Dec 16, 2025 By Boris Kurktchiev In Teleport
Learn how to secure AI and MCP infrastructure without writing authorization code, rewriting MCP servers, or limiting agent work with Teleport’s zero-code MCP integration. AI agents are becoming powerful participants in engineering workflows. But without meaningful authorization boundaries, they can quickly become an existential security risk. AI agents do not behave like traditional applications. Instead, they generate actions and chain together tools in unpredictable ways.
Read Post
Arctic Wolf

How To Reduce Risk This Holiday Season

Dec 16, 2025 By Adam Marrè In Arctic Wolf
The holiday season is traditionally a period of goodwill, gift giving, and time with loved ones, but if you are responsible for your enterprise’s cyber defenses it’s also a time when you should have a heightened awareness of cyber risk. Cybercriminals often treat this time of year as a prime opportunity to exploit the unprepared and unwary.
Read Post
Arctic Wolf

New Attack Technique "ConsentFix" Hijacks OAuth Consent Grants

Dec 16, 2025 By Andres Ramos In Arctic Wolf
On December 11, 2025, Push Security published research detailing a newly observed browser-based phishing technique called ConsentFix. The name ConsentFix is derived from its similarity to the previously documented ClickFix technique using fake CAPTCHA pages. ConsentFix, enables threat actors to gain cloud account access without capturing passwords, multifactor authentication (MFA) codes, or other credentials by abusing legitimate OAuth authentication and consent flows.
Read Post
knowbe4

Phishing Campaign Targets Executives With Phony Awards

Dec 16, 2025 By KnowBe4 Team In KnowBe4
A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware. “The campaign uses a high-value executive recognition lure, ‘Cartier Recognition Program,’ to target executives,” the researchers write.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.