Latest from todayfeatureSEC rule confusion continues to put CISOs in a bind a year after a major revisionDespite a spate of recent actions exemplifying how the US Securities and Exchange Commission is enforcing disclosure and compliance, companies are still unsure how and what to report.By John Leyden10 Jan 20256 minsBusiness IT AlignmentCSO and CISORegulation feature SOAR buyer’s guide: 11 security orchestration, automation, and response products — and how to chooseBy David Strom09 Jan 202516 minsEnterprise Buyer’s GuidesIncident ResponseUnified Threat Managementfeature How CISOs can forge the best relationships for cybersecurity investmentBy Rosalyn Page08 Jan 20259 minsCSO and CISOIT Leadership newsIvanti zero-day exploited by APT group that previously targeted Connect Secure appliances By Lucian Constantin 09 Jan 20255 minsMalwareVulnerabilitiesZero-day vulnerability news analysisDNA sequencer vulnerabilities signal firmware issues across medical device industryBy Lucian Constantin 08 Jan 20257 minsMedical DevicesSupply ChainVulnerabilities featureThe biggest data breach fines, penalties, and settlements so farBy Michael Hill and Shweta Sharma 08 Jan 202517 minsData BreachSecurity news analysisUS military allocated about $30 billion to spend on cybersecurity in 2025By Cynthia Brumfield 07 Jan 20258 minsGovernment ITMilitarySecurity Infrastructure featureGen AI is transforming the cyber threat landscape by democratizing vulnerability huntingBy Lucian Constantin 07 Jan 202515 minsGenerative AIPenetration TestingThreat and Vulnerability Management feature12 cybersecurity resolutions for 2025By Aimee Chanthadavong 06 Jan 20259 minsIdentity and Access ManagementSupply Chain More security newsopinion2025 Cybersecurity and AI PredictionsThe cybersecurity and AI landscape continues to evolve at a breathtaking pace, and with it, the associated risks.By Jason Lau 10 Jan 2025 11 minsSecuritynewsMalware targets Mac users by using Apple’s security toolUsing Apple’s proprietary string encryption, the malware evaded detection for months.By Shweta Sharma 10 Jan 2025 3 minsEncryptionMalwarePhishingnewsLegitimate PoC exploited to spread information stealerIt’s another example of how openly-posted proofs of concepts are being abused to sucker security researchers.By Howard Solomon 09 Jan 2025 4 minsCyberattacksMalwarenewsNew Mirai botnet targets industrial routersSecurity researchers warn of a new variant of the Mirai botnet. Attackers used it for zero-day exploits on industrial routers.By Julia Mutzbauer 09 Jan 2025 3 minsBotnetsDDoSnewsSonicWall firewall hit with critical authentication bypass vulnerability The company urged admins to immediately patch their firewalls to fend off threats of easy exploitation.By Shweta Sharma 09 Jan 2025 3 minsNetwork SecurityVulnerabilitiesnewsChina-linked hackers target Japan’s national security and high-tech industriesAuthorities reveal advanced cyber tactics exploiting tools such as Windows Sandbox and Visual Studio Code, urging immediate defensive measures.By Gyana Swain 09 Jan 2025 6 minsCyberattacksSecurityVulnerabilitiesnewsIvanti warns critical RCE flaw in Connect Secure exploited as zero-dayThe software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also impacted.By Lucian Constantin 08 Jan 2025 4 minsNetwork SecurityThreat and Vulnerability ManagementZero-day vulnerabilitynewsUN agency’s job application database breached, 42,000 records stolenThe agency, which supports the operation of international civil aviation, said air traffic is safe, but one analyst raised doubts about that.By Evan Schuman 08 Jan 2025 5 minsCyberattacksData BreachnewsCritical Mitel, Oracle flaws find active exploitation, CISA urges patching CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.By Shweta Sharma 08 Jan 2025 3 minsCommunications SecurityVulnerabilitiesnewsThe deepfake threat just got a little more personalResearchers at Google DeepMind and Stanford University have created highly effective AI replicas of more than 1,000 people based on simple interviews.By Manfred Bremmer and CSO Staff 07 Jan 2025 3 minsGenerative AInewsRussian hackers turn trusted online stores into phishing pagesThe PhishWP WordPress plugin is well-equipped to turn legitimate shopping sites into phishing pages that capture sensitive payment and browser details.By Shweta Sharma 07 Jan 2025 3 minsPhishingSecuritynewsMore telecom firms were breached by Chinese hackers than previously reportedSalt Typhoon’s latest victims include Charter, Consolidated, and Windstream, underscoring the widening scope of China's cyberespionage campaign against critical US infrastructure.By Gyana Swain 06 Jan 2025 4 minsCyberattacksData BreachSecurity Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Building a winning team Articles • Buyer’s Guide IT is nothing without its people. Technology teams are challenged with a highly complex set of tasks in an ever-changing environment. That requires smart efforts by IT leaders in adapting skills, recruiting, workflows, and management of their teams. View all Popular topicsGenerative AI feature7 biggest cybersecurity stories of 2024By John Leyden 24 Dec 2024 10 minsData BreachRansomwareRegulation newsThis new cipher tech could break you out of your Gen AI woesBy Shweta Sharma 17 Dec 2024 7 minsEncryptionGenerative AISecurity brandpostSponsored by Microsoft SecurityThe imperative for governments to leverage genAI in cyber defenseBy Alvaro Vitta, Microsoft Global CyberSecurity Lead, Public Sector 11 Dec 2024 5 minsGenerative AISecurity View topic Cybercrime newsEuropol shutters 27 DDoS sites in major crackdownBy Mikael Markander 12 Dec 2024 2 minsCybercrimeDDoS newsEuropean law enforcement breaks high-end encryption app used by suspectsBy Evan Schuman 04 Dec 2024 7 minsCSO and CISOCybercrimeEncryption newsAustralia’s first Cyber Security Act passes both housesBy Samira Sarraf 25 Nov 2024 4 minsCybercrimeRansomwareRegulation View topic Careers how-toDownload the Hot IT Certifications Enterprise SpotlightBy CSO, CIO.com, and Network World staffand Network World staff 02 Jan 2025 1 minCertificationsIT JobsIT Skills feature12 best entry-level cybersecurity certificationsBy Eric Frank 02 Jan 2025 17 minsCareersCertificationsIT Skills featureThe CSO guide to top security conferencesBy CSO Staff 31 Dec 2024 6 minsApplication SecurityEventsTechnology Industry View topic IT Leadership newsPersonal liability sours 70% of CISOs on their roleBy Evan Schuman 06 Jan 2025 5 minsCSO and CISOIT StrategyRegulation featureBlown the cybersecurity budget? Here are 7 ways cyber pros can save moneyBy Mary K. Pratt 30 Dec 2024 11 minsBudgetCSO and CISOIT Leadership opinionCISOs should stop freaking out about attackers getting a boost from LLMsBy Christopher Whyte 18 Dec 2024 8 minsCSO and CISOHacker GroupsHacking View topic Upcoming Events12/Mar in-person event FutureIT Los Angeles12 Mar 2025The Biltmore Technology Industry 04/May-06/May in-person eventWork+ – The New Future of Work: AI, Emerging Tech & Where IT Can Lead04 May 2025Loews Vanderbilt Hotel Nashville Artificial Intelligence 25/Jun in-person event FutureIT Dallas25 Jun 2025Union Station Events View all events In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins CSO and CISOMulti-factor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by CyberNewsWire CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in minutes By Cyber NewsWire – Paid Press Release 07 Jan 20255 mins CyberattacksSecurity news Open source vulnerability scanner found with a serious vulnerability in its own code By Shweta Sharma 06 Jan 20253 mins SecurityVulnerabilities news Critical Windows LDAP flaw could lead to crashed servers, RCE attacks By Lynn Greiner 03 Jan 20253 mins Active DirectoryVulnerabilitiesWindows Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1) 04 Nov 202419 mins Critical InfrastructureSecuritySupply Chain video CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry 23 Oct 202410 mins Financial Services IndustrySecurity