Latest from todayNewsIBM X-Force: Stealthy attacks on the rise, toolkits targeting AI emergeThe 2025 X-Force Threat Intelligence Index tracks new and existing trends and attack patterns, including a spike in lower-profile credential theft and overall decline in ransomware attacks on enterprises.By Michael Cooney21 Apr 20251 minCyberattacks News Microsoft SFI update: Five of 28 security objectives nearly completeBy Howard Solomon21 Apr 20255 minsApplication SecuritySecurityNews ASUS patches critical router flaw that allows remote attacksBy Shweta Sharma21 Apr 20253 minsSecurityVulnerabilities NewsAI in incident response: from smoke alarms to predictive intelligenceBy Shweta Sharma 21 Apr 20255 minsGenerative AIIncident ResponseSecurity FeatureTwo ways AI hype is worsening the cybersecurity skills crisisBy Aimee Chanthadavong 21 Apr 20259 minsArtificial IntelligenceCareersGenerative AI OpinionWhen AI moves beyond human oversight: The cybersecurity risks of self-sustaining systemsBy Christopher Whyte 18 Apr 20257 minsCSO and CISOGenerative AISecurity Practices NewsWill politicization of security clearances make US cybersecurity firms radioactive?By Evan Schuman 18 Apr 20258 minsRegulationSecurity NewsHackers target Apple users in an ‘extremely sophisticated attack’By Shweta Sharma 17 Apr 20253 minsSecurityVulnerabilities FeatureCISOs no closer to containing shadow AI’s skyrocketing data risksBy John Leyden 17 Apr 20258 minsData and Information SecurityGenerative AIIT Governance More security newsnewsUpdate these two servers from Gladinet immediately, CISOs toldHard-coded key vulnerability has been exploited since March, says report; analyst says programmers aren’t trained to prevent this kind of issue.By Howard Solomon 17 Apr 2025 5 minsVulnerabilitiesnews analysisRussia-linked APT29 targets European diplomats with new malwareThe phishing campaign impersonates ambassadors by sending out invitations to wine tastings.By Lucian Constantin 17 Apr 2025 4 minsCyberattacksMalwarePhishingnewsMITRE funding still in up in the air, say expertsThe US is “not a reliable partner” in supporting the CVE database, says one analyst; CVE board members establish the CVE Foundation in response.By Howard Solomon 17 Apr 2025 5 minsGovernmentSecurityThreat and Vulnerability ManagementnewsWhistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts This and other DOGE actions inside National Labor Relations Board systems constituted a “significant cybersecurity breach”, says affidavit sent to Senate Intelligence Committee members.By John E. Dunn 17 Apr 2025 5 minsData and Information SecurityGovernmentnews analysisCVE program averts swift end after CISA executes 11-month contract extensionAfter DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.By Cynthia Brumfield 16 Apr 2025 7 minsGovernmentThreat and Vulnerability ManagementnewsCato Networks augments CASB with genAI securityThe SASE provider adds generative AI security controls to its Cloud Access Security Broker application to track the use of genAI.By Denise Dubie 16 Apr 2025 1 minCloud SecuritynewsThe most dangerous time for enterprise security? One month after an acquisitionThe awkward period after an acquisition closes and before the acquired firm is fully integrated into the acquiring enterprise is now a top cyberthief target, say experts.By Evan Schuman 16 Apr 2025 6 minsCSO and CISOMergers and AcquisitionsSecuritynewsNew ResolverRAT malware targets healthcare and pharma orgs worldwideDistributed via phishing emails, the DLL side-loaded malware’s payload is executed only in memory and uses sophisticated detection evasion and anti-analysis techniques.By Lucian Constantin 15 Apr 2025 4 minsHealthcare IndustryMalwarePhishingnewsChina alleges US cyber espionage during the Asian Winter Games, names 3 NSA agentsChinese authorities claim US intelligence targeted Microsoft Windows systems and critical infrastructure in a coordinated campaign.By Gyana Swain 15 Apr 2025 5 minsCyberattacksSecuritynewsIncomplete patching leaves Nvidia, Docker exposed to DOS attacksAn optional feature issued with the fix can cause a bug rollback, making a secondary DOS issue possible on top of root-level privilege exploitation. By Shweta Sharma 15 Apr 2025 3 minsSecurityVulnerabilitiesnews analysisAgentic AI is both boon and bane for security prosAI agents are predicted to reduce time to exploit by half in two years, here is what you need to know to figure out if your business need agentic AI and how to find the right one.By David Strom 15 Apr 2025 8 minsArtificial IntelligenceGenerative AIMalwarenewsAI hallucinations lead to a new cyber threat: SlopsquattingAttackers can weaponize and distribute a large number of packages recommended by AI models that don’t really exist. By Shweta Sharma 14 Apr 2025 3 minsCyberattacksGenerative AI Show more Show less Explore a topic Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy View all topics Spotlight: Solving Data Analytics Challenges Articles Buyer’s Guide Data is everywhere, and increasing art exponential rates. But data is useless unless properly analyzed to provide critical insights, enable automation, and fulfil oter business needs. We explore the latest issues in data analytics for the enterprise. View all Popular topicsCybercrime opinionWhy DEI is key for a cyber safe futureBy Bridget Chan, Camille Stewart Gloster and Katelyn Ringrose 8 Apr 2025 5 minsCybercrimeDiversity and InclusionHuman Resources news analysisMalicious actors increasingly put privileged identity access to work across attack chainsBy Lucian Constantin 2 Apr 2025 9 minsCyberattacksCybercrimeMultifactor Authentication feature11 ways cybercriminals are making phishing more potent than everBy John Leyden 25 Mar 2025 12 minsEmail SecurityPhishingSocial Engineering View topic Careers featureCISOs rethink hiring to emphasize skills over degrees and experienceBy Mary K. Pratt 16 Apr 2025 8 minsHiringIT SkillsIT Training featureTop 16 OffSec, pen-testing, and ethical hacking certificationsBy Eric Frank 10 Apr 2025 16 minsCertificationsIT TrainingPenetration Testing featureThe CSO guide to top security conferencesBy CSO Staff 31 Mar 2025 8 minsApplication SecurityEventsTechnology Industry View topic IT Leadership featureHow not to hire a North Korean IT spyBy John Leyden 14 Apr 2025 13 minsIT Leadership featureIs HR running your employee security training? Here’s why that’s not always the best ideaBy Linda Rosencrance 9 Apr 2025 9 minsCSO and CISOHuman ResourcesIT Training opinionLessons learned about cyber resilience from a visit to UkraineBy Christopher Burgess 9 Apr 2025 5 minsCSO and CISOMilitarySecurity Practices View topic In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model 20 Jun 202315 mins CSO and CISOMultifactor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 20 Jun 202315 mins CSO and CISOPhishingRemote Work Upcoming EventsMay/15 in-person event CIO Digital Enterprise Summit UK15 May 20259:30 am – 18:30Sofitel London St James Events View all events Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Fortinet Addressing the gaps in modern cloud protection: Using CNAPP to unify cloud security By Vince Hwang21 Apr 20256 mins Security feature What boards want and don’t want to hear from cybersecurity leaders By Rosalyn Page14 Apr 20257 mins BudgetCSO and CISORisk Management news OpenAI slammed for putting speed over safety By Shweta Sharma11 Apr 20254 mins Generative AISecurity podcast CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry 20 Mar 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center podcast CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 13 Feb 202527 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 7 Aug 202417 mins CSO and CISO video Standard Chartered’s Alvaro Garrido on AI threats and what CIOs/CISOs must know in their AI journey 10 Apr 202514 mins CIOCSO and CISOFinancial Services Industry video CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry 20 Mar 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center video CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 13 Feb 202527 mins Security