Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Security Incident and Event Management.

graylog

Detecting Notepad++ CVE-2025-49144 Using Sysmon Logs

Feb 12, 2026 By Jeff Darrington In Graylog
Text editors rarely show up in threat models. Installers show up even less. CVE-2025-49144 changes that. The issue is a local privilege escalation in the Notepad++ Windows installer that can allow a low-privileged user to gain SYSTEM-level execution by abusing insecure executable search behavior during installation. Affected versions include Notepad++ 8.8.1 and earlier, per the NVD record.
Read Post
safeaeon

Why Endpoint, SIEM, and EDR Fail Against Defense Evasion Without Context

Feb 11, 2026 By SafeAeon Inc. In SafeAeon
Defense evasion is one of the main reasons cyberattacks go undetected for days or weeks. Attackers avoid breaking systems now. They prefer to hide inside them. For that, they use defense evasion techniques that allow them to blend into normal activity and avoid alerts. Tools like EDR and SIEM can detect parts of an attack, but cannot provide the complete picture. This creates detection blind spots. Teams also face alert fatigue, which prevents them from recognizing real threats.
Read Post
exabeam

Exabeam Agent Behavior Analytics: First-of-Its-Kind Behavioral Detections for AI Agents

Feb 10, 2026 By Exabeam In Exabeam
AI agents are moving into real workflows faster than most teams expected. According to PwC’s 2025 AI Agent Survey, 79% of companies are already adopting AI agents, and 88% of executives expect to increase AI-related budgets in the next year. These agents are now handling research, summarization, customer engagement, and operational tasks at a scale humans can’t match.
Read Post
graylog

The Human-AI Alliance in Security Operations

Feb 10, 2026 By The Graylog Product Team In Graylog
Picture a SOC analyst starting an investigation. A suspicious spike in authentication activity appears on their dashboard, and they need to understand what’s happening quickly. To do that, they move through a familiar sequence of tools. What begins as a single investigation quickly turns into a chain of context switches: That’s nine steps to investigate one event. This isn’t accidental. Security tools have evolved to solve isolated problems, but together they have created fragmentation.
Read Post

Ep 29: From detection to post-mortem: The complete incident cycle

Feb 10, 2026 By Sumo Logic, Inc. In Sumo Logic
On this episode of Masters of Data, we break down incident response from detection through containment, forensics, recovery, and postmortem. The foundation? Comprehensive logging. Without it, you're blind. We explore building cross-functional teams and a blame-free culture where people actually report issues. Communication is key: what you tell engineering isn't what you tell executives or customers. AI is accelerating investigations, but the fundamentals still rule: proper tool access, the right people on call, and translating technical chaos into business-speak. The takeaway?
View Video
datadog

Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool

Feb 9, 2026 By Micah Kim In Datadog
Many DevOps and security teams rely on ServiceNow CMDB (Configuration Management Database) as the system of record for metadata about infrastructure assets, application and service ownership, and dependencies. ServiceNow CMDB captures which team owns each service, what business unit the service supports, the environment where it runs, and how assets relate to each other.
Read Post
exabeam

AI Agents Are The New Detection Problem Nobody Designed For

Feb 9, 2026 By Exabeam In Exabeam
AI agents now operate as core identities in enterprise environments, authenticating, accessing data, and executing workflows at machine speed. Their flexibility and scale introduce a detection challenge traditional security models were never built to solve. Exabeam has seen this pattern before with insider threat and workload identities. AI agents accelerate the need for identity-centric detection.
Read Post
graylog

Anomaly Detection with Machine Learning to Improve Security

Feb 4, 2026 By Jeff Darrington In Graylog
Being a security analyst can feel like being trapped in a Where’s Waldo book. You can find yourself staring at a data stream looking for something that “isn’t like the others.” However, as your organization collects and correlates more data from the environment, finding the Waldo can feel overwhelming. In a modern IT environment, organizations have hundreds or thousands of devices, users, and data points that they need to correlate so they can identify normal network activity.
Read Post

Ep 28: Stop being the 'no' department: How modern GRC enables growth

Feb 3, 2026 By Sumo Logic, Inc. In Sumo Logic
On this episode of Masters of Data, we sit down with Cassandra Mooseberger, Manager of Security Compliance at Sumo Logic, to unpack governance, risk, and compliance (GRC). Cass breaks down her three-pillar framework: governance and compliance, risk management, and trust. She reveals how GRC teams can flip from cost center to sales enabler through trust pages, automated questionnaires, and proactive support. We explore practical strategies for working with engineering: listen first, understand before changing, and skip the "rip and replace" impulse.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.