Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

Best threat detection & response solutions for cloud-native applications in 2026

Jan 4, 2026 By Jonathan Kaftzan In ARMO
What is the best Threat Detection & Response for cloud-native applications? Traditional EDR isn’t enough for Kubernetes enviorments. Security teams need CADR (Cloud Application Detection and Response), which unifies application, container, Kubernetes, and cloud detection into a single platform that builds complete attack stories instead of siloed alerts. Why doesn’t traditional EDR work for Cloud-Native Applications?
Read Post

Episode 5 - Detecting DNS Covert Channels in the Wild (Part 1)

Jan 1, 2026 By Corelight In Corelight
In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring.
View Video
graylog

6 Steps for Using a SIEM to Detect Threats

Dec 31, 2025 By Jeff Darrington In Graylog
Most people know the old fairy tale of the boy who cried wolf. Every day, the little shepherd would scream from the top of his hill, “A wolf is chasing the sheep!” While villagers initially responded to the alarm, they soon realized that the boy was lying to them. In the end, when a wolf truly did chase the sheep, no one heeded the boy’s cry.
Read Post
Corelight

Inside the mind of a cybersecurity threat hunter part 3: hunting for adversaries moving inside your network

Dec 22, 2025 By Allen Marin In Corelight
Welcome back to our threat hunting series with Corelight and CrowdStrike. In our previous posts, we armed you with techniques to spot adversaries during Initial Access and how they establish Persistence to maintain their foothold. Now, we're diving into the shadowy dance of Defense Evasion and Lateral Movement.
Read Post
Corelight

Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

Dec 19, 2025 By David Burkett In Corelight
CVE-2025-20393 is a CVSS 10.0 Remote Code Execution (RCE) flaw in Cisco Secure Email Gateways currently being actively exploited by China-nexus groups. A recent advisory from Cisco Talos details how an actor dubbed “UAT-9686” is leveraging this vulnerability to target Cisco Secure Email Gateways (ESA) and Secure Email and Web Managers (SMA). The attack allows threat actors to execute arbitrary commands with root privileges and deploy persistence mechanisms.
Read Post

Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity

Dec 18, 2025 By Corelight In Corelight
In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity.
View Video

How to detect React2Shell attacks using network-based threat hunting

Dec 16, 2025 By Corelight In Corelight
How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.
View Video
Corelight

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Dec 6, 2025 By David Burkett In Corelight
Critical vulnerabilities in React Server Components (CVE-2025-55182) and Next.js (CVE-2025-66478) enable unauthenticated remote code execution in default configurations. The flaw resides in the "Flight" protocol used for server-side rendering, making it a sought after target for adversaries looking to bypass standard controls. While the public discourse is currently cluttered with unreliable exploits, we need to ground our defense in verifiable network evidence.
Read Post

Keeper 101: KeeperAI Threat Detection for Privileged Sessions

Dec 5, 2025 By Keeper Security In Keeper
In today's threat landscape, a single compromised privileged session can mean the difference between routine administration and a catastrophic breach. Organizations currently have no automated way to monitor user session recordings for security threats. Teams are forced to manually sift through enormous volumes of session data – including keystrokes, commands, and screenshots, which is slow, inefficient and error-prone.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.