Latest from todayopinionThe risks of standing down: Why halting US cyber ops against Russia erodes deterrenceThe threat from Russian bad actors is real; if the US government is halting offensive operations, it may fall to the private sector to take up the cause of disruption, argues Christopher Whyte.By Christopher Whyte06 Mar 20258 minsAdvanced Persistent ThreatsCSO and CISOThreat and Vulnerability Management feature The dirty dozen: 12 worst ransomware groups active todayBy John Leyden05 Mar 202511 minsRansomwarefeature 7 key trends defining the cybersecurity market todayBy Neal Weinberg04 Mar 20259 minsIntrusion Detection SoftwareSecurity Information and Event Management SoftwareVenture Capital news analysis60% of cybersecurity pros looking to change employersBy John Leyden 06 Mar 20255 minsCareersIT Leadership news analysisChinese APT Silk Typhoon exploits IT supply chain weaknesses for initial accessBy Lucian Constantin 06 Mar 20256 minsAdvanced Persistent ThreatsGovernmentHacker Groups opinionMicrosoft pushes a lot of products on users, but here’s one cybersecurity can embraceBy Susan Bradley 05 Mar 20256 minsAccess ControlData and Information SecurityWindows Security newsManufacturers still poorly prepared for cyberattacks as IT/OT convergeBy Julia Mutzbauer 04 Mar 20253 minsManufacturing IndustrySecurity newsVMware ESXi gets critical patches for in-the-wild virtual machine escape attackBy Lucian Constantin 04 Mar 20254 minsSecurityZero-Day Vulnerabilities featureWhy cyber attackers are targeting your solar energy systems — and how to stop themBy Michael Nadeau 03 Mar 202513 minsCritical InfrastructureSecurityUtilities Industry More security newsnewsUS charges 12 Chinese hackers in major government-backed espionage campaignJustice Department unveils indictments against Silk Typhoon group members, seizes domains in escalating cybersecurity standoff.By Gyana Swain 06 Mar 2025 5 minsCybercrimeSecuritynewsBadbox Android botnet disrupted through coordinated threat huntingHuman Security, in collaboration with Google, Shadowserver and others, has sinkholed C2 operations affecting 500,000 infected machines.By Shweta Sharma 06 Mar 2025 4 minsAndroid SecuritySecuritynewsRansomware goes postal: US healthcare firms receive fake extortion lettersFraudsters reportedly demanded up to $350,000 to cover up a fictitious data breach — but how can CSOs tell fake attacks from real ones in cybercrime’s hall of mirrors?By John E. Dunn 05 Mar 2025 6 minsRansomwareSecuritynewsCritical vulnerabilities expose network security risks in Keysight's infrastructureMultiple security flaws in network packet broker devices could lead to code execution and data compromise.By Gyana Swain 05 Mar 2025 4 minsSecurityVulnerabilitiesnewsChinese cyber espionage growing across all industry sectorsNew and expanding China-backed threat groups are pushing a broader cyber strategy, likely with eventual reunification with Taiwan in mind, CrowdStrike security researchers say.By Lucian Constantin 05 Mar 2025 6 minsAdvanced Persistent ThreatsCyberattacksThreat and Vulnerability ManagementnewsPolyglot files used to spread new backdoorProofpoint reports that a threat actor has used the tactic against critical infrastructure firms in the UAE, warns CISOs to watch for it elsewhere.By Howard Solomon 04 Mar 2025 5 minsMalwarePhishingnewsMisconfigured access management systems expose global enterprises to security risksWidespread AMS vulnerabilities threaten physical and data security across key industries.By Gyana Swain 04 Mar 2025 4 minsAccess ControlIdentity and Access ManagementSecuritynewsCISOs should address identity management 'as fast as they can’ says CrowdStrike execThreat actors increasingly using stolen credentials to compromise cloud assets, warns the company's annual threat report.By Howard Solomon 03 Mar 2025 5 minsCyberattacksSecuritynewsUS Cybercom, CISA retreat in fight against Russian cyber threats: reportsPress reports suggest that US Cybercom is standing down from tracking Russia’s offensive cyber operations, and CISA may no longer consider Russia a priority. Officials say Cybercom’s action is a gambit to get Russia to negotiate, and CISA says the press reports are wrong.By Cynthia Brumfield 03 Mar 2025 6 minsCyberattacksGovernment ITRansomwarefeatureDownload the AI Risk Management Enterprise Spotlight We explore the risks to both IT and the business from the use of AI. The goal of your risk management efforts should be to gain the most value from AI as a result.By CSOonline.com and CIO.com staff 03 Mar 2025 1 minRisk Managementnews analysisRansomware access playbook: What Black Basta’s leaked logs revealAnalyzing leaked internal communication logs, security researchers are piecing together how one of the most notorious ransomware groups infiltrates its victims.By Lucian Constantin 03 Mar 2025 6 minsRansomwarenewsMicrosoft files lawsuit against LLMjacking gang that bypassed AI safeguardsThe civil suit against four members of Storm-2139 underscores an emerging trend that blends stolen LLM credentials and AI jailbreaking to reap financial gains for cybercriminals and losses for companies they exploit.By Lucian Constantin 28 Feb 2025 4 minsCybercrimeGenerative AIThreat and Vulnerability Management Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Managing Modern Risks Articles Buyer’s Guide Staying secure is of course critical, but there are many risks beyond security that enterprise IT must consider. We explore emerging risks that warrant your attention. View all Popular topicsGenerative AI feature5 things to know about ransomware threats in 2025By Rosalyn Page 27 Feb 2025 9 minsData and Information SecurityGenerative AIRansomware newsAI can kill banks: Cybersecurity’s disinformation gapBy Florian Maier 24 Feb 2025 2 minsFinancial Services IndustryGenerative AISecurity opinionHow to prevent AI-based data incidentsBy Volker Sommer 19 Feb 2025 4 minsData BreachGenerative AISecurity View topic Cybercrime newsFake captcha attacks are increasing, say expertsBy Howard Solomon 20 Feb 2025 6 minsCyberattacksCybercrimeMalware newsAuthorities seize Phobos and 8Base ransomware servers, arrest 4 suspectsBy Lucian Constantin 11 Feb 2025 3 minsCybercrimeRansomware newsPolice arrest teenager suspected of hacking NATO and numerous Spanish institutionsBy Computerworld España 06 Feb 2025 2 minsCybercrimeSecurity View topic Careers featureThe CSO guide to top security conferencesBy CSO Staff 28 Feb 2025 10 minsApplication SecurityEventsTechnology Industry featureBeyond the paycheck: What cybersecurity professionals really wantBy Aimee Chanthadavong 12 Feb 2025 9 minsCSO and CISOCareersIT Training events promotionSponsored by CSO EventsCSO Award and Hall of Fame Nominations Open NowBy CSO Events 11 Feb 2025 3 minsCareersIT LeadershipSecurity View topic IT Leadership opinionWhat CISOs need from the board: Mutual respect on expectationsBy David Gee 26 Feb 2025 6 minsBusiness IT AlignmentCSO and CISOCompliance featureHow to create an effective incident response planBy Bob Violino 25 Feb 2025 11 minsIT LeadershipIncident ResponseSecurity featureStrategic? Functional? Tactical? Which type of CISO are you?By Mary K. Pratt 24 Feb 2025 9 minsCSO and CISOHuman ResourcesSecurity Practices View topic Upcoming Events04/May-06/May in-person eventWork+ – The New Future of Work: AI, Emerging Tech & Where IT Can Lead04 May 2025Loews Vanderbilt Hotel Nashville EventsHuman Resources 15/May in-person event FutureIT Los Angeles15 May 2025The Biltmore Data and Information SecurityEvents 25/Jun in-person event FutureIT Dallas25 Jun 2025Union Station Application SecurityArtificial IntelligenceEvents View all events In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins CSO and CISOMultifactor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by CyberNewsWire Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation By Cyber NewsWire – Paid Press Release 05 Mar 20255 mins CyberattacksSecurity brandpost Sponsored by CyberNewsWire Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032 By Cyber NewsWire – Paid Press Release 03 Mar 20254 mins CyberattacksSecurity how-to Download the UEM vendor comparison chart, 2025 edition By Bob Violino and vpotter 03 Mar 20251 min Endpoint ProtectionEnterprise Buyer’s GuidesMobile Security podcast CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO video CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security video CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe? 26 Jan 202518 mins Security video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain