Translating Threat Intelligence into Boardroom Value

In fast-paced threat intelligence environments, day-to-day focus is often on monitoring risks, responding to incidents, and staying ahead of evolving threats. In the middle of this operational intensity, structured board reporting can easily be overlooked. But as threat landscapes grow more complex and cyber risks gain board-level attention, the absence of clear, strategic reporting becomes a liability. Board reporting isn’t just a good practice, it’s a regulatory imperative.

Security Bulletin: OttoKit WordPress Plugin Vulnerability, CVE-2025-27007

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured.

May 19, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:

Coinbase Insider Threat Leads to Theft of Customer Data: Coinbase has released a blog post and filed an SEC Form 8-K reporting an incident in which it received an email attempting to extort the company for $20m. According to the post, the threat actors approached customer support staff and “used cash offers to convince a small group of insiders to copy data in our customer support tools”. Stolen data includes personal details, including identity documents, and account data, including balance and transaction history.

Improving Cyber and Mental Resilience with Threat Information Sharing

In a world where data provides companies with a competitive advantage, sharing it amongst other businesses, especially in the same industry, may seem counterproductive. However, in cybersecurity, where every company is a potential target for threat actors and organizations are increasingly interconnected through supply chains, sharing information can significantly enhance a company's security posture and overall resilience.

The Value of Threat Intelligence in Ensuring DORA Compliance

“Expect the unexpected” is a saying that holds particular weight in cybersecurity. In 2025, with continuing technological advancement, the divide between game-changing business opportunities and serious cyber threats has never been starker. With innovation and disruption unlikely to slow the pace any time soon, all sectors must build their operational resiliency to stay ahead and ensure stability.

Top 5 Proactive Threat Intelligence Use Cases for Enhanced Cyber Defense

In this fast-moving world where businesses operate completely through IT infrastructure, waiting for a threat to happen and finding a solution isn’t enough. There should be a proactive approach, where you spot and remove a threat even before it touches your systems.

May 12, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:

Software Supply Chain Attack on Golang Leads to Wiper Malware: A supply-chain attack has been discovered that targeted Linux servers through malicious Golang modules, mimicking legitimate modules, that were posted on GitHub.

Continued Exploitation of Critical SAP NetWeaver Critical Vulnerability: Further to Kroll’s reporting in previous weeks regarding active exploitation of CVE-2025-31324, a critical vulnerability that allows a threat actor to execute code remotely.

Building a Proactive Threat Intelligence Program: Exclusive Guide For A CISO

As cyber threats grow more advanced and persistent, traditional reactive defences are no longer enough. Today’s security leaders must shift toward proactive threat intelligence, anticipating and neutralising risks before they evolve into serious breaches.

How to Adopt DORA's Threat-Led Penetration Testing Requirements

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out Threat-Led Penetration Testing (TLPT) on a regular basis. However, the skills required, along with the planning for these types of exercises, can prove difficult and time-consuming. During this session, Kroll brings together our red teaming, threat intelligence and DORA regulatory compliance experts to provide practical guidance on how security, risk and resiliency leaders can adopt a sustainable threat-led penetration testing (TLPT) program as required by DORA.

Security Bulletin: Magecart Skimming Campaign

Magecart is a long-running digital skimming threat attributed to multiple financially motivated cybercriminal groups specializing in the theft of payment card data from e-commerce websites. First identified in 2015, Magecart attacks have continuously evolved, leveraging compromised third-party services, supply chain vulnerabilities, and increasingly sophisticated obfuscation tactics to inject malicious JavaScript skimmers into checkout pages.