Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

From Phishing to SQL Injection: How Breaches Actually Happen

Critical vulnerabilities are critical because they're easy to exploit — but most breaches don't even need them. Tony explains why phishing remains the dominant attack vector, why strong instrumentation matters for forensics (tracing an API call through a database to see exactly what was leaked), and how observability data becomes security data when something goes wrong. The system is harder to breach than the human. And that's the whole game.

Encryption Key Management: The Cloud Migration Bottleneck

Cloud migration projects stall for plenty of reasons, legacy dependencies, network latency, data residency rules. But one blocker that doesn't get enough attention is encryption key management. More specifically, the question of who controls the keys once data moves off-premises. For security teams, that question can hold up a migration for months.

Tips and Tricks for Handling Secrets in Icinga 2

Today, we are going to look at a few things related to handling secrets. While Icinga 2 has no dedicated mechanisms for secret handling, there are a few tricks you can do with standard features. This is not meant as a step-by-step tutorial, but rather as an inspiration where you can adopt the ideas that make sense in your setup.

Lovable, Bolt, and Replit Are Wonderful - Until Your CISO Finds Out

Non-technical teams are building apps on Lovable, Bolt.new, and Replit with company data and zero governance. Here's why that's a compliance nightmare - and what enterprise platform teams should deploy instead. Romaric founded Qovery to make Kubernetes accessible to every engineering team. He writes about platform strategy, developer experience, and the future of cloud infrastructure.

What's New in Calico v3.32

We’re excited to announce the release of Calico Open Source v3.32! This release corresponds with Kubernetes v1.36 (Codename Haru) and it goes beyond just sharing a cat as the mascot of the release, it actually extends capabilities and features of Kubernetes to keep you up to date with the latest innovations of the cloud. This release brings some of the most significant architectural changes in Calico, from live-migrating KubeVirt VMs to eBPF based Maglev load balancer.

Rethinking BYOD security: protecting data without trusting devices

BYOD (bring your own device) has always looked better on paper than it does in real life. The promise is clear: let people use the gadgets they already own. Less friction, lower costs, and more freedom. But when security and privacy are non-negotiable, the conversation around BYOD usually ends quickly. Not because BYOD is a bad idea, but because the model behind it doesn’t quite work. With BYOD, you’d be trying to secure something that isn’t meant to be trusted.

What Compliance Training Software Should Do for Your Business

Compliance training software has become crucial for every business today. The main goal of this software is to ensure organizations remain compliant with various laws and regulations. This practice helps safeguard an organization from threats and consequences. At the same time, these software solutions should do more than just cover the regulatory requirements. They should also help employees, minimize mistakes, and promote team integrity.

How Travelers Accidentally Expose Their Personal Data Abroad

In all the excitement surrounding that long-awaited trip, few people stop to think about the dangers to their personal data. Some occur due to negligence, while others result from shady practices that exploit both the travel industry and its customers. Either way, here are the most prescient dangers to look out for and how to deal with each.

Why SMS Verification Still Matters for Modern Digital Platforms

As online platforms continue to expand across industries, account security and user verification have become critical operational priorities. Whether it is a SaaS platform onboarding new users, an e-commerce business reducing fraud, or a global application protecting customer accounts, verification systems are now a standard part of modern digital infrastructure.

How Home-Based Networks Shape Internet Trust Signals

Every website visit triggers a silent background check. Servers don't just see a visitor; they see an IP address, and that address carries a reputation built over years of behavior. Some IPs walk in trusted by default. Others get pulled aside for extra screening before the page even finishes loading. The reason comes down to where the connection originates. Traffic from a home broadband line in Manchester reads differently than traffic from a server farm in Virginia, even when the request itself looks identical. That gap drives billions in fraud prevention spend.