Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Half of Organizations Lack Protection Against Email Spoofing

Apr 24, 2025 By Stu Sjouwerman In KnowBe4
A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing. Specifically, many organizations have lenient DMARC policies that don’t actually prevent spoofing. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent attackers from spoofing organizations that have the protocol in place.
Read Post
knowbe4

How Organizational Culture Shapes Cyber Defenses

Apr 24, 2025 By Javvad Malik In KnowBe4
Recently, I received an email at work from a company with whom I've had previous interactions. The email lacked context and contained an attachment, immediately raising suspicion. I reported it to our infosec team using the Phish Alert Button (PAB). A short while later, our team confirmed it was indeed a malicious email. Subsequently, the sender organization informed us that they had been compromised, and phishing emails had been distributed from their account.
Read Post

DevSec Next AI: AI-First Coding Workshop: Transforming Development Workflows

Apr 24, 2025 By Jit In Jit
This workshop introduces experienced engineers to AI-first coding - a paradigm where AI tools generate most of the code while developers focus on direction and refinement. ​We'll explore how large language models work underneath the hood, revealing practical techniques to maximize their effectiveness in development workflows. ​Participants will learn the powerful "Plan-then-Act" methodology, discover how to leverage context windows effectively, and implement structured memory bank approaches to maintain project continuity.
View Video
cycognito

Black Box Discovery and DAST: CyCognito's Integration with Wiz

Apr 24, 2025 By Jason Pappalexis In CyCognito
Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and blackbox cloud asset discovery, two capabilities that can leave exploitable vulnerabilities undetected. CNAPPs depend on APIs and deployment hooks to see what’s running.
Read Post
detectify

Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification

Apr 24, 2025 By Detectify In Detectify
As 9 out of 10 valuable web apps are missing testing, we’re launching new capabilities to help teams know what else, beyond core applications, is likely to require in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, bridging the gap between broad and deep testing across the entire attack surface.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.