Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

Why SAQ-A-EP Fails Without Client-Side Script Monitoring

Mar 10, 2026 By Feroot In Feroot
In 2024, Recorded Future’s Fraud Intelligence Report found over 11,000 e-commerce domains actively running payment page skimmers, a nearly 300% increase from the year before. The majority of those merchants had no client-side monitoring in place.Most of them were processing payments through legitimate, PCI-certified processors. Some of them were almost certainly SAQ-A-EP merchants who believed their processor’s compliance covered their risk. It doesn’t.
Read Post
Feroot

Third-Party BAA Checklist: HIPAA Requirements for Website Technology Vendors

Mar 10, 2026 By Feroot In Feroot
For most of HIPAA’s history, PHI moved through known systems, between known parties, for known reasons. You provisioned access and audited behavior. The data flows remained observable, and so did the vendor relationships built around them. EHR vendors, billing platforms, and transcription services, you knew what each one touched because you handed it to them. Then the website became part of the care journey. With it came appointment schedulers, symptom checkers, patient portals, and intake forms.
Read Post
veracode

The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business

Mar 10, 2026 By Natalie Tischler In Veracode
The concentration of dangerous software flaws is accelerating. The number of high-risk vulnerabilities – those with both high severity and high exploitability – has surged by 36% year-over-year, according to the 2026 State of Software Security Report. This trend indicates a critical problem: more risk is entering your codebase faster than ever before.
Read Post
salt security

The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 By Eric Schwake In Salt Security
When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to a tangible line item on the balance sheet. It is no longer just about the cost of a data breach.
Read Post
1Password

How to wrangle SaaS contract renewals

Mar 10, 2026 By Dominic Garcia In 1Password
SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?
Read Post
11:11 systems

When Disruption Becomes Risk: Why Law Firms Can't Afford to Go Dark

Mar 10, 2026 By Sean Tilley In 11:11 Systems
For generations, law firms have assessed risk through precedent, probability and professional judgement. These disciplines are still important, but on their own they no longer describe the reality law firms now face. A different category of risk has moved into the centre of senior decision making. It is not abstract, theoretical or easily deferred. It cuts across practice areas, firm size and seniority. When it materialises, it does not wait for alignment or deliberation.
Read Post
knowbe4

Yes, You Need AI to Defeat AI

Mar 10, 2026 By Roger Grimes In KnowBe4
Long-time followers of mine know that I am not an AI hype person. Some people might even call me an AI critic. I prefer to call myself an AI realist. I do not think AI will kill us all (despite our best efforts to bypass all guardrails and common sense). I do not think AI will replace all jobs. I do not think AI will replace all cybersecurity jobs. But I do think AI allows improvements in many areas, including cyber defenses, over traditional tools and techniques.
Read Post
knowbe4

Announcing the Custom SAPA Agent: Security Awareness Measurement Built for Your Environment

Mar 10, 2026 By KnowBe4 Team In KnowBe4
Security awareness programs are built on measurement. Before you can reduce human risk, you need a clear understanding of where knowledge gaps exist across your workforce. For many organizations, that process starts with a baseline assessment. For years, KnowBe4’s Security Awareness Proficiency Assessment (SAPA) has provided that foundation.
Read Post

The C-Suite's Biggest Mistake During a Cyber Crisis

Mar 10, 2026 By Razorthorn Security In Razorthorn
After a major breach, grand statements about taking security seriously ring hollow when customer data sits in fraudsters’ hands. The biggest mistake in a crisis is clinging to control instead of trusting security specialists, stepping back for a short period and letting the expert lead the technical response. ⸻ For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion..
View Video
netwrix

Best DLP solutions for enterprise data protection in 2026

Mar 10, 2026 By Netwrix Team In Netwrix
Enterprise DLP solutions in 2026 must cover far more than email and USB channels. With many employees pasting data into GenAI prompts and sensitive data flowing across cloud, SaaS, and browser-based AI tools, legacy DLP architectures leave critical gaps. Choosing the right platform requires mapping where sensitive data lives, identifying real exfiltration paths, and deciding whether a standalone, native, or converged DSPM-plus-DLP architecture fits your environment.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.