Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

miniorange

Why Choose Active Directory Management Over Manual Scripts

Dec 11, 2025 By Puja More In miniOrange
A mid-sized company once tried to handle all its AD updates with a set of PowerShell scripts. Things worked fine while the user count was small, but trouble showed up once they crossed a thousand accounts. A script missed a group update, a disabled user stayed active for two extra days, and a bulk change took almost an entire afternoon to fix. None of this was a technical failure. It was the natural limit of manual scripting.
Read Post
splunk

When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR

Dec 11, 2025 By Matthew J Joseff, CFE In Splunk
Let’s face it: humans are creatures of habit, and nothing rattles us quite like the prospect of change. (Just ask anyone who’s dared to swap out the office coffee brand—revolutions have started over less.) According to SHRM's research on change fatigue, today’s relentless pace of disruption is exhausting employees faster than a budget ergonomic chair. But here’s where it gets fascinating—where security, HR, and fraud analysis converge in ways you might not expect.
Read Post
sentrium

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

Dec 11, 2025 By James Drew In Sentrium
During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.
Read Post
indusface

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Dec 11, 2025 By Bhargavi Pallati In Indusface
A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.
Read Post
CrowdStrike

Data Leakage: AI's Plumbing Problem

Dec 11, 2025 By Jim Hoagland - Vanessa Villa In CrowdStrike
Sensitive information disclosure ranks on the OWASP Top 10 for LLM Applications, and for good reason. When AI-powered applications inadvertently expose private data like personally identifiable information (PII), financial records, health information, API keys, or proprietary business intelligence, the consequences cascade quickly: regulatory violations, competitive disadvantage, and shattered user trust.
Read Post

GRC Engineering for Revenue Acceleration | TrustCloud

Dec 11, 2025 By TrustCloud In TrustCloud
How to build a Customer Assurance and Continuous Control Monitoring Program that earns customer trust. Join us for a practical and insightful conversation on how transparent security and compliance posture sharing , high-confidence AI-assisted security questionnaire completion, and continuous control monitoring (CCM) translate directly into customer assurance, revenue acceleration, faster sales cycles, and higher buyer confidence.
View Video

Is CTEM a framework or a solution?

Dec 11, 2025 By Cyberint In Cyberint
CTEM, introduced by Gartner, was designed to address a critical gap in traditional vulnerability management: the broken flow between detection and remediation. While reports and alerts pile up, exposures often remain unresolved, leaving organizations at risk. CTEM organizes this process into five stages—Scoping, Discovery, Prioritization, Validation, and Mobilization—bringing structure to chaos. Technically, it’s a framework because Gartner never mandated a single solution to deliver all stages. Most vendors only cover one or two.
View Video

A Mental Health Community For Cyber Professionals

Dec 11, 2025 By Razorthorn Security In Razorthorn
The Mental Health in Cyber Security Foundation is a home for support, shared best practice and real stories about mental health in cybersecurity. The long-term vision is an organisation where people in the industry know they can go for advice, guidance and practical help with the pressures of their work.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.