Latest from todayOpinionWhen AI moves beyond human oversight: The cybersecurity risks of self-sustaining systemsWhat happens when AI cybersecurity systems start to rewrite themselves as they adapt over time? Keeping an eye on what they’re doing will be mission-critical.By Christopher WhyteApr 18, 20257 minsCSO and CISOGenerative AISecurity Practices Feature CISOs no closer to containing shadow AI’s skyrocketing data risksBy John LeydenApr 17, 20258 minsData and Information SecurityGenerative AIIT GovernanceFeature CISOs rethink hiring to emphasize skills over degrees and experienceBy Mary K. PrattApr 16, 20258 minsHiringIT SkillsIT Training NewsWill politicization of security clearances make US cybersecurity firms radioactive?By Evan Schuman Apr 17, 20258 minsRegulationSecurity NewsHackers target Apple users in an ‘extremely sophisticated attack’By Shweta Sharma Apr 17, 20253 minsSecurityVulnerabilities News AnalysisRussia-linked APT29 targets European diplomats with new malwareBy Lucian Constantin Apr 16, 20254 minsCyberattacksMalwarePhishing NewsMITRE funding still in up in the air, say expertsBy Howard Solomon Apr 16, 20255 minsGovernmentSecurityThreat and Vulnerability Management News AnalysisCVE program averts swift end after CISA executes 11-month contract extensionBy Cynthia Brumfield Apr 16, 20257 minsGovernmentThreat and Vulnerability Management NewsAI hallucinations lead to a new cyber threat: SlopsquattingBy Shweta Sharma Apr 14, 20253 minsCyberattacksGenerative AI More security newsnewsUpdate these two servers from Gladinet immediately, CISOs toldHard-coded key vulnerability has been exploited since March, says report; analyst says programmers aren’t trained to prevent this kind of issue.By Howard Solomon Apr 16, 2025 5 minsVulnerabilitiesnewsWhistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts This and other DOGE actions inside National Labor Relations Board systems constituted a “significant cybersecurity breach”, says affidavit sent to Senate Intelligence Committee members.By John E. Dunn Apr 16, 2025 5 minsData and Information SecurityGovernmentnewsCato Networks augments CASB with genAI securityThe SASE provider adds generative AI security controls to its Cloud Access Security Broker application to track the use of genAI.By Denise Dubie Apr 16, 2025 1 minCloud SecuritynewsThe most dangerous time for enterprise security? One month after an acquisitionThe awkward period after an acquisition closes and before the acquired firm is fully integrated into the acquiring enterprise is now a top cyberthief target, say experts.By Evan Schuman Apr 15, 2025 6 minsCSO and CISOMergers and AcquisitionsSecuritynewsNew ResolverRAT malware targets healthcare and pharma orgs worldwideDistributed via phishing emails, the DLL side-loaded malware’s payload is executed only in memory and uses sophisticated detection evasion and anti-analysis techniques.By Lucian Constantin Apr 15, 2025 4 minsHealthcare IndustryMalwarePhishingnewsChina alleges US cyber espionage during the Asian Winter Games, names 3 NSA agentsChinese authorities claim US intelligence targeted Microsoft Windows systems and critical infrastructure in a coordinated campaign.By Gyana Swain Apr 15, 2025 5 minsCyberattacksSecuritynewsIncomplete patching leaves Nvidia, Docker exposed to DOS attacksAn optional feature issued with the fix can cause a bug rollback, making a secondary DOS issue possible on top of root-level privilege exploitation. By Shweta Sharma Apr 15, 2025 3 minsSecurityVulnerabilitiesnews analysisAgentic AI is both boon and bane for security prosAI agents are predicted to reduce time to exploit by half in two years, here is what you need to know to figure out if your business need agentic AI and how to find the right one.By David Strom Apr 15, 2025 8 minsArtificial IntelligenceGenerative AIMalwarefeatureHow not to hire a North Korean IT spyCISOs are urged to carry out tighter vetting of new hires to ward off potential ‘moles’ — who are increasingly finding their way onto company payrolls and into their IT systems.By John Leyden Apr 14, 2025 9 minsIT LeadershipfeatureWhat boards want and don’t want to hear from cybersecurity leadersTo get through to board members, cybersecurity leaders need to not only learn the language of business but how to translate cyber risk in a way board members can make sense of.By Rosalyn Page Apr 14, 2025 7 minsBudgetCSO and CISORisk ManagementnewsOpenAI slammed for putting speed over safetyTesters allege newer models are being pushed for launch with much-reduced testing time.By Shweta Sharma Apr 11, 2025 4 minsGenerative AISecurityopinionYou’re always a target, so it pays to review your cybersecurity insurance Not only does an annual insurance review ensure compliance with policy requirements, it can kick off a more thorough review of your security posture that goes far beyond requirements for coverage.By Susan Bradley Apr 11, 2025 7 minsCSO and CISOInsurance IndustrySecurity Practices Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Solving Data Analytics Challenges Articles Buyer’s Guide Data is everywhere, and increasing art exponential rates. But data is useless unless properly analyzed to provide critical insights, enable automation, and fulfil oter business needs. We explore the latest issues in data analytics for the enterprise. View all Popular topicsGenerative AI feature10 things you should include in your AI policyBy Maria Korolov Apr 8, 2025 13 minsGenerative AIIT Governance FrameworksIT Training featureThe risks of entry-level developers over relying on AIBy Andrada Fiscutean Apr 7, 2025 9 minsDevelopment ToolsGenerative AIIT Skills featureAI programming copilots are worsening code security and leaking more secretsBy John Leyden Apr 4, 2025 7 minsApplication SecurityDevSecOpsGenerative AI View topic Cybercrime opinionWhy DEI is key for a cyber safe futureBy Bridget Chan, Camille Stewart Gloster and Katelyn Ringrose Apr 8, 2025 5 minsCybercrimeDiversity and InclusionHuman Resources news analysisMalicious actors increasingly put privileged identity access to work across attack chainsBy Lucian Constantin Apr 2, 2025 9 minsCyberattacksCybercrimeMultifactor Authentication feature11 ways cybercriminals are making phishing more potent than everBy John Leyden Mar 25, 2025 12 minsEmail SecurityPhishingSocial Engineering View topic Careers featureTop 16 OffSec, pen-testing, and ethical hacking certificationsBy Eric Frank Apr 10, 2025 16 minsCertificationsIT TrainingPenetration Testing featureThe CSO guide to top security conferencesBy CSO Staff Mar 31, 2025 8 minsApplication SecurityEventsTechnology Industry feature11 hottest IT security certs for higher pay todayBy Eric Frank Mar 21, 2025 11 minsCertificationsIT SkillsIT Training View topic IT Leadership featureIs HR running your employee security training? Here’s why that’s not always the best ideaBy Linda Rosencrance Apr 9, 2025 9 minsCSO and CISOHuman ResourcesIT Training opinionLessons learned about cyber resilience from a visit to UkraineBy Christopher Burgess Apr 9, 2025 5 minsCSO and CISOMilitarySecurity Practices opinionAI disinformation didn’t upend 2024 elections, but the threat is very realBy Christopher Whyte Apr 3, 2025 9 minsCSO and CISOGenerative AISecurity Practices View topic In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model Jun 28, 202315 mins CSO and CISOMultifactor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout Jun 28, 202315 mins CSO and CISOPhishingRemote Work Upcoming Events15/May in-person event FutureIT Los AngelesMay 15, 2025The Biltmore Data and Information SecurityEvents 25/Jun in-person event FutureIT DallasJun 25, 2025Union Station Application SecurityArtificial IntelligenceEvents 17/Jul in-person event FutureIT New YorkJul 17, 2025Convene-New York, NY Data and Information SecurityEvents View all events Show me moreLatestArticlesPodcastsVideos news Russian Shuckworm APT is back with updated GammaSteel malware By Lucian ConstantinApr 10, 20255 mins Advanced Persistent ThreatsCyberattacksMalware news Oracle admits breach of ‘obsolete servers,’ denies main cloud platform affected By John E. DunnApr 10, 20255 mins Cloud SecurityData BreachSecurity news Hackers target SSRF flaws to steal AWS credentials By Shweta SharmaApr 10, 20253 mins SecurityVulnerabilities podcast CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry Mar 20, 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center podcast CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers Feb 12, 202527 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe Aug 7, 202417 mins CSO and CISO video Standard Chartered’s Alvaro Garrido on AI threats and what CIOs/CISOs must know in their AI journey Apr 10, 202514 mins CIOCSO and CISOFinancial Services Industry video CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry Mar 20, 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center video CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers Feb 12, 202527 mins Security