Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

nucleus

Kenna Lit the Spark on the Exposure Management Fire and It's Time for the Next Generation

Dec 15, 2025 By Steve Carter In Nucleus
When Kenna launched more than a decade ago, it reshaped an industry that had grown numb to vulnerability overload. Back then, vulnerability management meant looking at mountains of CSV files, scanner reports, and a never-ending backlog of unprioritized issues. Kenna introduced the idea that risk instead of raw counts should determine what gets fixed first. For many security teams, it was the first time they realized they didn’t have a vulnerability problem.
Read Post

Intel Chat: React2Shell, GeminiJack vulnerability, proRussia hacktivist arrested & Warp Panda [276]

Dec 15, 2025 By LimaCharlie In LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Original CrowdStrike article. CISA BRICKSTORM Backdoor breakdown. Analysis report PDF. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
View Video
Pentest People

Introducing E-Learning

Dec 15, 2025 By Harry Alderton In Pentest People
At Pentest People, we’ve always said that technology alone cannot secure an organisation. Firewalls, patching programmes, penetration testing and vulnerability management are all crucial but the reality is that your people remain both your organisation’s greatest asset and one of its most exposed security controls. In fact, while organisations continue to mature their technical controls, awareness training is often where programmes fall behind.
Read Post
knowbe4

Deepfake Training: A Strategic Advantage Against Emerging Threats

Dec 15, 2025 By KnowBe4 Team In KnowBe4
Deepfake attacks have become more compelling and realistic than ever before. Attackers are impersonating trusted leaders with convincing videos and voice, making it harder for employees to know what is real. Traditional awareness training is a good start, but nothing replaces first-hand exposure to real and synthetic content when it comes to telling deepfake videos from authentic ones. That’s why today we’re introducing KnowBe4’s Deepfake Training Content.
Read Post
knowbe4

[Heads Up] Crafty New Phishing Attacks Abuse Free Cloudflare Pages

Dec 15, 2025 By KnowBe4 Team In KnowBe4
Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners. The attackers are building fake login pages impersonating banking, insurance, and healthcare entities. The pages are designed to harvest credentials as well as security questions and multifactor authentication codes.
Read Post
cato networks

Cyberattack on the Sun: Threat Actors Manipulate Solar Panel Systems; Agentic AI Increases the Risk

Dec 15, 2025 By Dr. Guy Waizel In Cato Networks
Millions of homes, businesses, and hospitals depend on solar power, a clean and cost-effective source of renewable energy. Adoption has accelerated worldwide thanks to major government initiatives such as the Inflation Reduction Act (IRA) in the U.S., the Renewable Energy Directive (RED II) in the EU, the Smart Export Guarantee in the UK, and Australia’s Small-scale Renewable Energy Scheme (SRES). As clean energy infrastructure expands, a new vulnerability is emerging.
Read Post
trilio

OpenShift Operators Explained: The Basics You Need to Know

Dec 15, 2025 By Kevin Jackson In Trilio
Managing applications on Red Hat OpenShift gets complicated quickly. Updates break things, scaling requires constant attention, and recovery from failures eats up valuable time. OpenShift Operators eliminate these headaches by automating tasks that normally demand manual work from your team. These Kubernetes-native tools package, deploy, and manage services across your cluster.
Read Post
certkit

How the ACME protocol automates certificate issuance

Dec 15, 2025 By Todd H. Gardner In CertKit
In 2015, only about 40% of websites used HTTPS. Today HTTPS is used over 95% of the time. The ACME protocol made that shift possible. The Automatic Certificate Management Environment (ACME) protocol enables software to automatically prove domain control to a certificate authority without any human involvement. No more generating CSRs by hand. No more copy-pasting into web forms. No more waiting for validation emails. ACME largely solved certificate issuance.
Read Post
CrowdStrike

CrowdStrike Secures Growing AI Attack Surface with Falcon AI Detection and Response

Dec 15, 2025 By John Gamble In CrowdStrike
Artificial intelligence is transforming how organizations operate, innovate, and compete. From employees using GenAI tools to boost productivity to engineering teams building sophisticated AI agents and applications, AI has become central to modern business operations. AI now operates across every part of the enterprise, spanning endpoints, applications, identities, cloud services, data, and SaaS platforms.
Read Post

CrowdStrike Leads the Way in the 2025 MITRE ATT&CK Enterprise Evaluations

Dec 15, 2025 By CrowdStrike In CrowdStrike
The results of the 2025 MITRE ATT&CK Enterprise Evaluations are in and CrowdStrike excelled, achieving 100% detection, 100% protection, and zero false positives. The MITRE ATT&CK evaluation is an independent assessment that tests how cybersecurity products detect and stop real-world adversary behavior. The 2025 round was the most challenging cross-domain evaluation to date, a true platform test. For the first time, MITRE tested defenses across endpoint, identity, and cloud.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.