Latest from todayfeatureHow CISOs can rebuild trust after a security incidentCybersecurity leaders share insight on a crucial but overlooked task after any security incident: rebuilding trust with the stakeholders that matter the most. By Eric Frank18 Feb 202510 minsBusiness IT AlignmentCSO and CISOIncident Response feature How to evaluate and mitigate risks to the global supply chainBy Jaikumar Vijayan17 Feb 20257 minsCyberattacksRisk ManagementSupply Chainfeature What is anomaly detection? Behavior-based analysis for cyber threatsBy Cynthia Brumfield14 Feb 20258 minsIncident ResponseIntrusion Detection SoftwareThreat and Vulnerability Management news analysisPassword managers under increasing threat as infostealers triple and adaptBy John Leyden 18 Feb 20257 minsAuthenticationMalwarePassword Managers newsRansomware gangs extort victims 17 hours after intrusion on averageBy Lucian Constantin 17 Feb 20255 minsIncident ResponseRansomware newsPalo Alto Networks firewall bug being exploited by threat actors: ReportBy Howard Solomon 14 Feb 20251 minNetwork SecurityVulnerabilitiesZero-day vulnerability news analysisPostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacksBy Lucian Constantin 13 Feb 20255 minsData and Information SecurityVulnerabilitiesZero-day vulnerability how-toWhat security teams need to know about the coming demise of old Microsoft serversBy Susan Bradley 13 Feb 20256 minsCloud SecurityData and Information SecurityWindows Security featureBeyond the paycheck: What cybersecurity professionals really wantBy Aimee Chanthadavong 12 Feb 20259 minsCSO and CISOCareersIT Training More security newsopinionThink being CISO of a cybersecurity vendor is easy? Think againMaking the shift from a security product developer to the same role at an enterprise taught made one CISO more prepared, more aware, and more capable of tackling new challenges.By Tyler Farrar 19 Feb 2025 7 minsCSO and CISOHuman ResourcesIT Leadershipnews analysisOpenSSH fixes flaws that enable man-in-the-middle, DoS attacksResearchers from Qualys found two vulnerabilities that can be combined to bypass the server key verification in OpenSSH clients when the VerifyHostKeyDNS is used, allowing man-in-the-middle attackers to successfully impersonate servers.By Lucian Constantin 18 Feb 2025 5 minsData and Information SecurityHackingVulnerabilitiesnewsRussian malware discovered with Telegram hacks for C2 operationsStealthy C2 messages operated by the Golang backdoor could easily be mistaken for legitimate Telegram API communication. By Shweta Sharma 18 Feb 2025 3 minsAPIsMalwareSecuritynewsXCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarmThe updated malware, which spreads via infected Xcode projects, introduces advanced evasion tactics and persistence mechanisms to bypass security defenses.By Gyana Swain 18 Feb 2025 5 minsMacOS SecurityMalwareSecuritynewsNew family of data-stealing malware leverages Microsoft Outlook Elastic Security says an attack starts with stolen credentials, abuses Outlook and Microsoft’s Graph API.By Howard Solomon 17 Feb 2025 5 minsAPIsData and Information SecurityMalwarenewswhoAMI name confusion attacks can expose AWS accounts to malicious code executionDue to a misconfiguration, developers could be tricked into retrieving malicious Amazon Machine Images (AMI) while creating EC2 instances.By Shweta Sharma 14 Feb 2025 3 minsCloud SecurityCyberattacksSecuritynews analysisUnusual attack linked to Chinese APT group combines espionage and ransomwareThe attacker deployed a variant of the PlugX cyberespionage toolset previously associated with Chinese APT groups against a small company that they then infected with the RA World ransomware and extorted for money.By Lucian Constantin 13 Feb 2025 6 minsAdvanced Persistent ThreatsHacker GroupsRansomwarenewsRussian hacking group targets critical infrastructure in the US, the UK, and CanadaMicrosoft warns of expanding Russian cyberwarfare as attackers exploit IT management software to breach enterprises.By Gyana Swain 13 Feb 2025 4 minsCyberattacksSecurityVulnerabilitiesnewsCISA, FBI call software with buffer overflow issues ‘unforgivable’The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti zero-days as examples.By Shweta Sharma 13 Feb 2025 3 minsBugsSecurityVulnerabilitiesnews24% of vulnerabilities are abused before a patch is availableExploited CVEs increased by a fifth in 2024, according to analysis by VulnCheck, with increased transparency and improved monitoring playing a role. Still, proactive measures are vital.By John Leyden 13 Feb 2025 5 minsPatch Management SoftwareThreat and Vulnerability ManagementVulnerabilitiesnewsDon’t use public ASP.NET keys (duh), Microsoft warnsMicrosoft Threat Intelligence has identified 3,000 ASP.NET keys disclosed in code documentation and repos that could be used in code injection attacks.By Paul Krill 12 Feb 2025 1 minCyberattacksWindows SecuritynewsHacker allegedly puts massive OmniGPT breach data for sale on the dark webThe unconfirmed breach allegedly includes email, phone numbers, API and crypto keys, credentials, and billing information, from over 30,000 OmniGPT users.By Shweta Sharma 12 Feb 2025 3 minsData BreachGenerative AI Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Prioritizing your AI investments Articles • Buyer’s Guide As AI continues to evolve and increase its presence in technology systems, IT teams must take a step back to understand which types of AI deserve the highest focus, resource allocation, and spend for their specific needs. View all Popular topicsGenerative AI news analysisNearly 10% of employee gen AI prompts include sensitive dataBy Evan Schuman 10 Feb 2025 6 minsData and Information SecurityGenerative AI newsHackers impersonate DeepSeek to distribute malwareBy Shweta Sharma 04 Feb 2025 3 minsGenerative AIMalwareSecurity featureDownload the Agentic AI Enterprise SpotlightBy CSO, InfoWorld, and CIO.com staff 02 Feb 2025 1 minGenerative AIIT StrategyRisk Management View topic Cybercrime newsAuthorities seize Phobos and 8Base ransomware servers, arrest 4 suspectsBy Lucian Constantin 11 Feb 2025 3 minsCybercrimeRansomware newsPolice arrest teenager suspected of hacking NATO and numerous Spanish institutionsBy Computerworld España 06 Feb 2025 2 minsCybercrimeSecurity featureHow law enforcement agents gain access to encrypted devicesBy John Leyden 31 Jan 2025 9 minsCybercrimeEncryptionSecurity View topic Careers events promotionSponsored by CSO EventsCSO Award and Hall of Fame Nominations Open NowBy CSO Events 11 Feb 2025 3 minsCareersIT LeadershipSecurity featureThe CSO guide to top security conferencesBy CSO Staff 31 Jan 2025 8 minsApplication SecurityEventsTechnology Industry featureCISOs embrace rise in prominence — with broader business authorityBy Esther Shein 13 Jan 2025 11 minsBusiness IT AlignmentCSO and CISOIT Strategy View topic IT Leadership featureWTF? Why the cybersecurity sector is overrun with acronymsBy Lee-Anne Goodman 11 Feb 2025 9 minsCSO and CISOHuman ResourcesIT Leadership news analysis39% of IT leaders fear major incident due to excessive workloadsBy Evan Schuman 03 Feb 2025 6 minsIT SkillsIncident ResponseSecurity Operations Center featureWant to be an effective cybersecurity leader? Learn to excel at change managementBy Mary K. Pratt 29 Jan 2025 11 minsBusiness IT AlignmentBusiness Process ManagementCSO and CISO View topic Upcoming Events12/Mar in-person event FutureIT Los Angeles12 Mar 2025The Biltmore Technology Industry 04/May-06/May in-person eventWork+ – The New Future of Work: AI, Emerging Tech & Where IT Can Lead04 May 2025Loews Vanderbilt Hotel Nashville Artificial Intelligence 25/Jun in-person event FutureIT Dallas25 Jun 2025Union Station Events View all events In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins CSO and CISOMulti-factor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Tanium CISO success story: How LA County trains (and retrains) workers to fight phishing By David Rand 14 Feb 20259 mins Security brandpost Sponsored by Fortinet DLP solutions vs today’s cyberthreats: The urgent need for modern solutions By David Lorti, Director of Product Marketing, Fortinet 13 Feb 20257 mins Security news analysis UK monitoring group to classify cyber incidents on earthquake-like scale By John Leyden 12 Feb 20255 mins Data BreachIT Governance FrameworksIncident Response podcast CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO video CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security video CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe? 26 Jan 202518 mins Security video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain