
Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform

Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance. This certification validates that Halo Security's security controls and practices are properly designed and implemented to meet the SOC 2 trust principles.

Exploited! Grafana CVE-2025-4123 - Open Redirect & Stored XSS Give Attackers a Springboard Into Your Cloud

Grafana—the cloud-native observability dashboard almost every DevOps team relies on—rushed out Grafana 12.0.0-security-01 yesterday to squash CVE-2025-4123, a high-severity open-redirect and stored cross-site scripting (XSS) vulnerability. When chained with the popular Grafana Image Renderer plugin, the bug escalates to a full-read server-side request forgery (SSRF), exposing cloud-metadata services and internal APIs.

EASM top features: 7 capabilities your solution needs

External attack surfaces have never been more sprawling, or more vulnerable. As organizations increasingly rely on dynamic, cloud-based infrastructures and third-party services, digital footprints are only going to carry on growing. So, it’s no surprise many are turning towards External Attack Surface Management (EASM) tools for more visibility into both known and unknown assets. But what should you be looking for in a solution?

Bitdefender's ATS and MDR: Empowering MSPs to Secure Client IT Infrastructure

Cybersecurity threats are growing in sophistication, targeting businesses of all sizes. For Managed Service Providers (MSPs), securing clients' IT infrastructure is a critical responsibility, yet resource constraints and evolving threats make it a daunting challenge. Bitdefender, a global cybersecurity leader, addresses these pain points with its cutting-edge Attack Surface Reduction (ATS) and Managed Detection and Response (MDR) technologies integrated into the GravityZone platform.

Faster Fixes: Solving the Security Testing Trade-off

Pen testers use active testing technologies to probe and analyze systems dynamically, just as an attacker does. Active testing confirms whether a vulnerability is actually exploitable, which security teams use to determine which vulnerabilities to prioritize for remediation. Active security testing delivers confidence, sorely needed in today’s IT security world where noise and false positives have become a major part of an analyst’s day.

Exploited! Ivanti EPMM Authentication Bypass & Remote Code Execution (CVE-2025-4427 & CVE-2025-4428)

Ivanti’s Endpoint Manager Mobile (EPMM, formerly MobileIron Core) just delivered an unpleasant one-two punch to defenders. Two fresh vulnerabilities—an authentication bypass (CVE-2025-4427) and an API-level remote-code-execution flaw (CVE-2025-4428)—can be chained to grant unauthenticated attackers full command execution on affected servers. Both issues are already being exploited in the wild, making rapid remediation essential.

PCI DSS 4.0 Compliance Guide: From Confusion to Confidence

PCI DSS 4.0 introduces critical new payment security requirements that impact every business accepting card payments. With enforcement deadlines, organizations must now implement comprehensive monitoring of payment page code—something IONIX has specialized in for years.

A practitioner's guide to classifying every asset in your attack surface

“You can’t secure what you don’t know exists.” It’s a common refrain in cybersecurity (and for good reason!). But the reality is a bit more complex: it’s not enough to just know that something exists. To effectively secure your assets, you need to understand what each of them is. Without proper classification, applying the right security processes or tools becomes a guessing game.

External Attack Surface Management Promised Visibility - But Did It Deliver?

External Attack Surface Management (EASM) emerged with a bold promise: to illuminate the dark corners of an organization’s internet-facing infrastructure. It was sold as a panacea for “you don’t know what you don’t know,” offering security leaders the ability to see everything attackers could see. The expectation was straightforward—feed the EASM solution a few IP ranges or domains, and it would map your exposed assets, vulnerabilities, and risks.