Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Featured Post

Machines, the Silent Threat Lurking Inside the Enterprise

The digital enterprise is no longer primarily made up of individuals' identities. According to Gartner, over 60% of all identities in a typical organization are non-human. These Non-Human Identities (NHIs) are digital identities assigned to software, services, applications, containers, or devices that require access to systems and data. Unlike human identities, NHIs operate autonomously, at scale, and often with high privilege. This makes them essential for modern automation and uniquely vulnerable to misuse.

Why secret sprawl may be your biggest security threat (and how to help fix it)

Picture this: You’re having your morning coffee when your phone buzzes with the kind of alert that makes security professionals break into a cold sweat. A single API key, leaked on GitHub months ago, has just given attackers a VIP pass to your entire infrastructure. Sound familiar? It should. The 2024 U.S. Treasury breach started exactly this way. One compromised machine identity opened the floodgates.

Flexible Login Options for Shopify B2B - SSO, Social Login & More

Struggling with login restrictions on Shopify B2B stores? Learn how to enable custom authentication for Shopify B2B customers and support multiple login methods (Email-Password, Phone-OTP Login, Social Login, Single Sign-On, etc.) for Shopify Customer Accounts with miniOrange solutions.

Featured Post

Manufacturing's Hidden Cyber Threat: The Growing Danger of Unsecured Machine Identities

The wave of smart manufacturing is sweeping across the industry, bringing with it a seismic shift that is characterized by hyper-connectivity, relentless automation and unprecedented data-driven precision. However, manufacturing plants and factories are not just filled with machines; they're teeming with thousands of non-human identities (NHIs) from robotic arms and programmable logic controllers (PLCs) to IoT and IIoT sensors seamlessly integrated through the production lines. While they drive operational efficiency, they also represent a rapidly expanding and often invisible attack surface.

Defeating Microsoft EPM in the Race to Admin: a Tale of a LPE vulnerability

Not too long ago I read an interesting blogpost by SpecterOps about Microsoft EPM that got my attention as I was not aware of this Microsoft product/feature. It was interesting to learn that Microsoft expanded into the realm of Endpoint Privilege Management and since this means that there must be some service/driver running with high privileges that elevates low-privileged processes, I thought there could be potential vulnerabilities and bugs.

Cheaters never win: large-scale campaign targets gamers who cheat with StealC and cryptojacking

A sprawling cyber campaign is turning gamers’ hunger to gain an edge into a massive payday for threat actors who are leveraging over 250 malware samples to steal credentials and cryptocurrencies. The operation has already netted wallets containing more than US$135,000. In this blog post, we will delve into a specific infection instance, explore its mechanisms, and share indicators of compromise (IoCs).

Xalient appoints Andrew Critchley to accelerate Identity Strategy and Global Identity Managed Services

Xalient announces the appointment of Andrew Critchley as Head of UK Identity Practice and Global Identity Managed Services. Andrew is a recognized IAM Subject Matter Expert with a strong track record in developing and scaling identity services across global enterprises.

Salesloft Drift incident overview and CyberArk's response

It was recently reported that Salesloft’s Drift application was breached, allowing unauthorized access to its customers’ Salesforce data and affecting hundreds of organizations, including CyberArk. Upon learning of this incident, we quickly deployed threat containment measures, including terminating our Salesforce–Drift connection; disabling the Drift application and revoking all related user credentials; and rotating all Salesforce integration credentials.

Securing cloud console and CLI access for agile software development

Fast-moving cloud environments demand speed, but without the right access controls they invite risk. Resources such as virtual machines, containers, and services are created, modified, and terminated at a rapid pace. At the same time, workloads are becoming increasingly distributed, with data and applications spanning multiple regions, accounts, and even across different cloud service providers (CSPs).

SMS, Email, TOTP or Push? How to Choose the Right 2FA Method for Your Atlassian Users

Choosing the right multi-factor authentication (MFA) method can be a tricky decision for Atlassian admins. With options like SMS, Email, TOTP, and Push notifications, each comes with its own benefits and trade-offs. Let’s understand the strengths and weaknesses of different MFA methods.