Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike

MURKY PANDA: A Trusted-Relationship Threat in the Cloud

Aug 21, 2025 By Counter Adversary Operations In CrowdStrike
Since 2023, CrowdStrike Services and CrowdStrike Counter Adversary Operations have investigated multiple intrusions conducted by MURKY PANDA, a sophisticated adversary leveraging advanced tradecraft to compromise high-profile targets. MURKY PANDA, active since at least 2023, is a cloud-conscious adversary with a broad targeting scope; the adversary’s operations have particularly focused on government, technology, academia, legal, and professional services entities in North America.
Read Post
cloudflare

How a volunteer-run wildfire site in Portugal stayed online during DDoS attacks

Aug 21, 2025 By João Tomé In Cloudflare
On July 31, 2025, just as Portugal entered the peak of another intense wildfire season, João Pina, also known as Tomahock, received an automated alert from Cloudflare. His volunteer-run project, fogos.pt, now a trusted source of real-time wildfire information for millions across Portugal, was under attack. One of the several alerts fogos.pt received related to the DDoS attack.
Read Post
armo

Runtime Security vs. Static Security in the Cloud

Aug 20, 2025 By Afek Berger In ARMO
Cloud security is often divided into two: Runtime Security and Static Security. While both are crucial to protecting cloud environments, they differ significantly in their objectives, methodologies, and effectiveness against different types of threats. Understanding these differences helps organizations build a robust security strategy by leveraging the strengths of both.
Read Post

JumpCloud vs. Kandji: Is Your IT Platform Built for a Diverse World?

Aug 20, 2025 By JumpCloud In JumpCloud
Don’t settle for an Apple-only approach when your IT environment is diverse. This video reveals the critical difference between a single-focus point solution like Kandji and a unified platform that brings together identity, access, and device management. Learn why a holistic solution is essential for true UEM, controlling the entire user lifecycle, and ensuring a single secure identity for every resource in your multi-platform business.
View Video
cyberark

How external attackers and malicious insiders exploit standing privileges in the cloud

Aug 18, 2025 By Brooke Jameson In CyberArk
For many of us, the term “cloud security breach” conjures meticulous attack plans executed by sophisticated criminal syndicates. But in reality, “attacks” can be far more mundane: maybe some forgotten credentials, a few default permissions, or a user whose cleanup to-do list never got done. At the center of these incidents are standing privileges: long-lived access rights originally granted for legitimate tasks.
Read Post

How to Hack a Cloud: Insider Threat

Aug 14, 2025 By CyberArk In CyberArk
In this episode of How to Hack a Cloud: Insider Threat, discover how standing administrative access in AWS can be exploited by a disgruntled employee. Follow Michael Scott’s story as he misuses his S3 admin privileges to silently delete critical data, leaving the company blindsided. Learn how CyberArk Secure Cloud Access enforces Zero Standing Privileges, ensuring time-bound, need-based access to prevent such malicious activity—all while maintaining seamless workflows for legitimate tasks. See how this solution strengthens identity security across multi-cloud environments.
View Video

Secure Cloud Access - CyberArk MCP Server

Aug 14, 2025 By CyberArk In CyberArk
Take control of cloud access for AI-driven workflows without slowing down your team. CyberArk SCA MCP Server is the latest innovation in identity security, purpose-built for the age of agentic AI. Now available in the AWS Marketplace, CyberArk SCA MCP Server empowers developers and AI agents to securely request elevated access directly from their IDE while enforcing Zero Standing Privileges across multi-cloud environments.
View Video
cloudflare

MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations

Aug 14, 2025 By Alex Forster In Cloudflare
On August 13, security researchers at Tel Aviv University disclosed a new HTTP/2 denial-of-service (DoS) vulnerability that they are calling MadeYouReset (CVE-2025-8671). This vulnerability exists in a limited number of unpatched HTTP/2 server implementations that do not sufficiently enforce restrictions on the number of times a client may send malformed frames. If you’re using Cloudflare for HTTP DDoS mitigation, you’re already protected from MadeYouReset.
Read Post

The Unified IT Imperative: Simplifying Complexity and Future-Proofing Your Organization

Aug 14, 2025 By JumpCloud In JumpCloud
In this episode of the Make Work Happen podcast, we explore the strategic imperative of unified IT and how it helps leaders shape the future of their organizations. We draw on key findings from JumpCloud’s latest IT trends report to understand why IT fragmentation is a critical challenge for leaders worldwide. Joining us is JumpCloud customer Ricky Jordan, who provides a real-world case study on how a unified platform can simplify complex IT environments, address security risks, and drive strategic conversations.
View Video

How to Hack a Cloud Access Mismanagement

Aug 14, 2025 By CyberArk In CyberArk
Protect Your Cloud: Prevent Access Mismanagement with CyberArk Secure Cloud Access Discover how to safeguard your cloud environment from access mismanagement in this eye-opening episode of How to Hack a Cloud: Access Mismanagement. The video demonstrates how attackers exploit standing AWS IAM access keys, turning a common oversight into a major security breach.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.