Top Trends in Deception Technology: Predictions for 2026

Attackers thrive on ambiguity. They blend into normal traffic, pivot between cloud and on-prem systems, and use valid credentials to move quietly. Your conventional controls—while essential—often fire only after risky actions are taken on real assets. Cyber deception flips that sequence: it places deception decoys, breadcrumbs, and fake assets in the attacker’s path so that any touch is a high-fidelity signal.

The Resurgence of Mirai: Jackskid Botnet and Escalating IoT Threats in November 2025

The Mirai botnet, first unleashed in 2016, continues to evolve into increasingly sophisticated variants, posing severe risks to the Internet of Things (IoT) ecosystem. This report examines the Jackskid Botnet—a newly identified Mirai derivative—characterized by its aggressive propagation via zero-day exploits and brute-force attacks, resulting in daily active bot IPs surpassing 40,000 as of late November 2025.

How AI agent privileges are redefining cyber insurance expectations

When ransomware drove record losses, insurers began scrutinizing basic controls like multi-factor authentication (MFA), backups, and endpoint detection. Now, AI-driven automation is introducing a new category of risk—AI agents—and insurers are responding with heightened attention to privilege management. AI agents are non-human identities that can approve payments, access sensitive data, and execute commands using powerful API keys.

Cato CTRL Threat Brief: "React2Shell" Vulnerability Targeting React Server Components

On Wednesday, December 3, a critical remote code execution (RCE) vulnerability in React Server Components (RSC), dubbed React2Shell (CVE-2025-55182), was disclosed. The CVE was discovered by security researcher Lachlan Davidson. It quickly gained traction, with multiple third-party proofs of concept (PoCs) of varying quality and credibility being published.

Ep 9 - Inside Volt Typhoon: Defending Against Chinese State-Sponsored Cyber Threats

In this podcast, we uncover the tactics behind Volt Typhoon, a Chinese state-sponsored operation targeting critical national infrastructure. Learn how this group is moving from espionage to disruption, using stealthy, “living off the land” techniques and exploiting legitimate system tools to hide in plain sight.

The Real Remediation Bottleneck

Most teams think vulnerability scanning equals progress. But scanning without effective remediation is just expensive noise. Two things block real fixes: Meanwhile, our own research shows as much as 30% of vulnerabilities in transitive dependencies remain unresolved, simply because upgrades break production. That means most organizations aren’t “secure”. They’re sitting on unfixed issues their scanners excluded.

What are you doing to stay safe from supply chain attacks?

Automatic updates were supposed to make us safer. Instead, they’ve become one of the easiest entry points for supply-chain attacks. When a public repository is compromised, an attacker uploads a malicious version and waits, for 30 minutes to a few hours, before the community detects and removes it. During that window, automated tools like Dependabot can pull that version straight into production. That small window of time is enough to compromise thousands of systems.

Close the "Unfixable" Vulnerability Gap

30% of open source vulnerabilities are marked “unfixable”. Not because they can’t be fixed but because traditional tools stop there. Your customers don’t care. They just see unresolved CVEs. And they won’t sign off on software that fails a scan. That’s where the real business risk lies. In mid-size software companies, “unfixable” means delayed deals, failed audits, and lost revenue. Seal Security was built to close that 30% gap.

Privileged Entitlements Management (PEM): A Complete Guide

Privileged Entitlements Management (PEM) is a specialized cybersecurity practice that focuses on securely managing high-risk entitlements, also known as permissions, access rights, or privileges, which grant access to sensitive data, critical resources, and essential services across an organization's IT infrastructure.

WatchGuard MITRE ER7 Insights: Full Visibility, Prevention & Zero Friction

Every year, security teams and MSPs look to the MITRE ATT&CK Evaluations for one thing: clarity. Not marketing, but a transparent view of how endpoint products behave under real adversary tactics. MITRE ATT&CK Evaluations Enterprise Round 7 (MITRE ER7) is no exception. In the Windows “Hermes” scenario, modeled after Mustang Panda activity, the data shows how WatchGuard delivers strong, reliable protection with lower operational burden for security teams and MSPs.