Cyber Security Headlines - Archive

Cyber leaders defend Anthropic's banned models FBI disrupts massive phishing service 1Password acquires Apono Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-models-defended-massive-phishing-service-shuttered-1password-acquires-apono/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are

Feds require Anthropic to ban 'foreign national' access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over

This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our episode sponsor, Doppel Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your

Fortinet patches a new critical FortiSandbox flaw GitHub to disable npm install scripts by default to stop supply chain attacks Nottingham University announces data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-fortinet-patches-fortisandbox-github-disables-npm-scripts-nottingham-university-breach/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing

Patch Tuesday for the books 'Nightmare Eclipse' drops Windows 0-day Claude Fable restricted at Microsoft Get the show notes here: https://cisoseries.com/cybersecurity-news-big-patch-tuesday-nightmare-eclipse-drops-windows-0-day-claude-fable-restricted-at-microsoft/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

Anthropic releases Claude Fable 5 French government messaging service breached CISA rethinking risk evaluations Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-fable-5-tchap-hacked-cisa-priorities/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

Microsoft malware hits Claude and Gemini users Mythos can exploit new flaws in hours AI tool abuse behind Instagram hacks Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-gemini-malware-mythos-sneaky-flaws-instagram-ai-abuse/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering.

Palantir executive considered for CISA leadership EU unveils tech sovereignty package to cut reliance on U.S., Chinese suppliers Hackers now exploit SolarWinds Serv-U flaw to crash servers Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-palantir-director-eu-tech-sovereignty-solarwinds-serv-u-flaw/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people.

This week's Department of Know is hosted by Rich Stroffolino, with guests Robb Dunewood, host, Daily Tech News Show, and David Cross, CISO, Atlassian. Get the show notes here. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta Agent works like a GRC engineer in

Chinese cybercrime group sets record pace Cisco warns of critical Unified CM flaw with PoC exploit code Hackers spied on a stock exchange executive's Outlook mailbox for five months Get the show notes here: https://cisoseries.com/cybersecurity-news-chinese-cybercrime-group-cisco-cm-flaw-cisa-faces-changes/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is

Law enforcement cracks down on illegal streamers The European Commission releases digital sovereignty plan The startup costs for US cyber force Get the show notes here: https://cisoseries.com/cybersecurity-news-illegal-streamers-eu-digital-sovereignty-cost-of-a-cyber-force/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving

Russia claims officials' surveillance Project Glasswing access expands CISA flags two-year-old Oracle flaw Get the show notes here: https://cisoseries.com/cybersecurity-news-russia-claims-officials-surveillance-project-glasswing-expands-cisa-flags-two-year-old-oracle-flaw/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are

Meta AI hands over Instagram account access Dutch police dismantle huge botnet RedHat packages get backdoored Get the show notes here: https://cisoseries.com/meta-ai-hands-over-instagram-access-dutch-police-dismantle-botnet-redhat-packages-backdoored/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks ChatGPT share links used to host fake outage pages to deliver malware Federal audit reveals NIST's NVD problems Get the show notes here: https://cisoseries.com/cybersecurity-news-globalprotect-vpn-exploited-chatgpt-share-links-exploits-feds-criticize-nist/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is

This week's Department of Know is hosted by Rich Stroffolino, with guests Bruce Schneier, chief of security architecture, Inrupt, and Chris Ray, field CTO, GigaOm. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Guardsquare Mobile security incidents are no longer the exception—they are the norm. Last year, seventy-two percent of companies suffered a mobile app security incident. As the primary gateway to your APIs and data, your mobile app requires more than just basic encryption; it needs a multi-layered security strategy. Protect your brand and

Fraud gang steals from World Cup fans Pentagon says US military targeted by location IBM and Red Hat commit to "Project Lightwell" Check out your show notes here: https://cisoseries.com/cybersecurity-news-world-cup-fraud-us-military-location-targets-ibm-and-red-hat-go-project-lightwell/ Huge thanks to our sponsor, Guardsquare Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.

Glassworm botnet gets shattered China overhauls world's biggest surveillance network Charter confirms ShinyHunters data breach Check out your show notes here: https://cisoseries.com/cybersecurity-news-glassworm-botnet-shattered-china-overhauls-surveillance-charter-confirms-shinyhunters-breach/ Huge thanks to our sponsor, Guardsquare AI is speeding up development, but at what cost? While ninety-six percent of teams now use AI tools, eighty-one percent report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered, polymorphic security to stay ahead of the curve. Learn more at Guardsquare.com.

Nimbus Manticore learning new tricks Phishing moves to real-time credential harvesting India wants 12-hour patches Check out your show notes here: https://cisoseries.com/cybersecurity-news-nimbus-manticore-real-time-credential-harvesting-12-hour-patches/ Huge thanks to our sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern secuirty risks. Learn more at Guardsquare.com.

'Megalodon' infects GitHub repositories Netherlands seizes 800 servers over cyberattacks Ghost CMS exploited for ClickFix attacks Check out your show notes here: https://cisoseries.com/cybersecurity-news-megalodon-infects-github-netherlands-server-seize-ghost-cms-exploited-for-clickfix/ Huge thanks to our sponsor, Guardsquare Your backend is only as secure as your frontend. Research shows that client-side compromise is now a primary driver of API risk. With sixty-three percent of leaders detecting mobile app tampering or cloning last year, don't leave your mobile app security to chance. Get multilayered protection for your entire mobile app ecosystem from the outside in. Learn more at Guardsquare.com.

CISA adds Drupal Core flaw to KEV Underminr hides malicious connections behind trusted domains Canadian man charged with running KimWolf DDoS botnet Check out your show notes here: https://cisoseries.com/cybersecurity-news-drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ Huge thanks to our sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as a result. Protect your brand and your bottom line with layered mobile app protection. Learn more

This week's Department of Know is hosted by Rich Stroffolino, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Nick Espinosa, host, Deep Dive Radio Show. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials

Cisco issues 10.0 Secure Workload admin flaw warning Spammers abuse internal Microsoftonline account Google's surge in Chrome vulnerability announcements Get the show notes here: https://cisoseries.com/cybersecurity-news-ciscos-10-0-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With

GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker,

Microsoft disrupts malware-signing-as-a-service Critical flaw found in industrial robot OS CISA admin leaks keys Get the show notes here: https://cisoseries.com/cybersecurity-news-microsoft-hits-fox-tempest-robotics-os-flaw-cisa-admins-leaks-keys/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and

Linus Torvalds not into AI bug hunters 7-Eleven hit with ransom demand MENA runs new cybercrime op Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing

Grafana GitHub token breach leads to extortion attempt Microsoft rejects Azure vulnerability report, researcher disputes decision Funnel Builder flaw actively exploited to steal payment data Get the show notes here: https://cisoseries.com/cybersecurity-news-grafan-github-extortion-microsoft-rejects-azure-report-funnel-builder-flaw/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can

This week's Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts

G7 countries release AI SBOM guidance Dell confirms its SupportAssist software causes Windows BSOD crashes Dirty Frag sequel arrives as Fragnesia Get the show notes here: https://cisoseries.com/cybersecurity-news-g7-releases-ai-sbom-dell-supportassist-bsod-dirty-frag-sequel/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in

Foxconn confirms North American factory attack BitLocker zero-day accesses protected drives MDASH patches 16 Windows flaws Get the show notes here: https://cisoseries.com/cybersecurity-news-foxconn-factory-attacks-bitlocker-zero-day-accesses-protected-drives-mdash-patches-windows-flaws/↗ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at

Instructure reaches an "agreement" with ShinyHunters Shai Hulud campaign is back OpenAI launches Daybreak Get the show notes here: https://cisoseries.com/cybersecurity-news-instructures-agreement-shai-hulud-campaign-openais-daybreak/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

A.I. hackers find software flaw Xbox leaks 'Forza Horizon 6' Linux kernel hit by 2nd flaw Get the show notes here: https://cisoseries.com/cybersecurity-news-a-i-software-flaw-hackers-forza-horizon-6-leak-linux-kernel-hit-again/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at

CPanel, WHM release fixes for three new vulnerabilities Official JDownloader site serves malware to Windows and Linux users Sen. Schumer seeks DHS plan on AI cyber coordination Get the show notes here: https://cisoseries.com/cybersecurity-news-new-cpanel-vulnerabilities-jdownloader-delivers-malware-schumer-pushes-dhs/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and

Link to the episode This week's Department of Know is hosted by Rich Stroffolino, with guests Jonathan Waldrop, CISO, Acoustic, and Jason Elrod, CISO, MultiCare Health System. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one

PAN-OS RCE exploit under active use enabling root access and espionage Polish intelligence says hackers attacked water treatment control systems Ivanti warns of new EPMM flaw exploited in zero-day attacks Get the show notes here: https://cisoseries.com/cybersecurity-news-pan-os-rce-exploit-poland-water-hacks-ivanti-epmm-flaw/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving.

Google Chrome installs 4GB AI model on devices Daemon Tools disk app backdoored in supply-chain attack Crypto's 'decentralised finance' sector hit by investor exodus Get the show notes here: Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Video game platform hit by supply chain attack Bleeding Llama could expose your data US gets more early LLM access Get the show notes here: https://cisoseries.com/cybersecurity-news-video-game-supply-chain-attack-bleeding-llama-us-gets-early-llm-access/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Instructure discloses breach amid leak threats DigiCert revokes certificates Silver Fox targets Indian and Russian orgs Get the show notes here: https://cisoseries.com/cybersecurity-news-instructure-discloses-breach-digicert-revokes-certificates-silver-fox-targets-indian-and-russian-orgs/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Telegram Mini Apps deliver Android malware CISA orders Federal agencies to patch cPanel bug by Sunday British cyber agency warns of looming 'patch wave' due to speedy AI flaw discovery Get the show notes here: https://cisoseries.com/cybersecurity-news-telegram-mini-apps-malware-cpanel-is-sorry-patch-wave-warning/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving.

This week's Department of Know is hosted by Rich Stroffolino, with guests Janet Heins, CISO, ChenMed, and TC Niedzialkowski, Head of IT & Security, Opendoor. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsqaure Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or

Critical cPanel and WHM bug exploited as zero-day Swiss police arrest suspected members of Black Axe group HHS ponders government posture for protecting data centers Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsqaure Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.

Hackers arrested for selling Roblox accounts Microsoft's patch for a 0-day falls short US & China partner on Dubai scam takedown Get the show notes here: https://cisoseries.com/cybersecurity-news-roblox-hackers-arrested-microsoft-0-day-falls-short-dubai-scam-takedown/ Thanks to our episode sponsor, Guardsqaure AI is speeding up development, but at what cost? While ninety-six percent of teams now use AI tools, eighty-one percent report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered, polymorphic security to stay ahead of the curve. Learn more at Guardsquare.com.

FIDO Alliance working on securing AI agent payments Germany suspects Russia in Signal phishing RCE flaw in open-source robotics platform Get the show notes here: https://cisoseries.com/cybersecurity-news-agent-payments-russian-phishing-lerobot-rce-flaw/ Thanks to our episode sponsor, Guardsqaure Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern secuirty risks. Learn more at Guardsquare.com.

PhantomRPC flaw enables privilege escalation Checkmarx confirms GitHub data hit dark web PyPI package hacked to push infostealer Get the show notes here: https://cisoseries.com/cybersecurity-news-phantomrpc-flaw-checkmarx-github-dark-web-data-pypi-package-infostealer/ Thanks to our episode sponsor, Guardsqaure Your backend is only as secure as your frontend. Research shows that client-side compromise is now a primary driver of API risk. With sixty-three percent of leaders detecting mobile app tampering or cloning last year, don't leave your mobile app security to chance. Get multilayered protection for your entire mobile app ecosystem from the outside in. Learn more at Guardsquare.com.

ADT says customer data stolen in cyberattack SMS blasting comes to Toronto Researchers find pre-Stuxnet malware targeting engineering software Get the show notes here: https://cisoseries.com/cybersecurity-news-adt-data-breach-toronto-sms-blasting-pre-stuxnet-malware-discovery/ Thanks to our episode sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as a result. Protect your brand and your bottom line with layered mobile app protection. Learn more at Guardsquare.com.

Link to episode This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Michael Bickford, former CISO, New York State Gaming Commission. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud

Cosmetics giant Rituals discloses data breach Apple fixes iOS flaw exploited by the FBI Microsoft Teams Helpdesk impersonation Get the show notes here: https://cisoseries.com/cybersecurity-news-rituals-cosmetics-breach-fbi-ios-flaw-fixed-teams-helpdesk-malware-impersonation/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing

OpenAI shares cyber product with government orgs Unauthorized Mythos access, Firebox bugs fixed by Mythos Insurers move to cap LLMjacking cyber payouts Get the show notes here: https://cisoseries.com/cybersecurity-news-new-openai-cyber-product-unauthorized-mythos-access-insurers-to-cap-llmjacking-payouts/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of

CISA lacks Mythos access Lovable denies data leak YouTube opens up deepfake detection tool Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-lacks-mythos-lovables-leak-by-design-youtubes-deepfake-detection/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access

Vercel confirms breach, stolen data for sale ZionSiphon targets water infrastructure Bluesky blames outage on DDoS Get the show notes here: https://cisoseries.com/cybersecurity-news-vercel-breach-zionsiphon-targets-water-infrastructure-bluesky-ddos/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed,

London hospitals continue to suffer from 2024 ransomware attack Four arrested in PowerOFF takedown Microsoft Defender "RedSun" zero-day Get the show notes here: https://cisoseries.com/cybersecurity-news-london-hospital-ransomware-legacy-poweroff-takedown-microsoft-redsun-zero-day/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing

Link to episode page This week's Department of Know is hosted by Rich Stroffolino, with guests Andrew Storms, security engineering, Kilo Code, and Eduardo Ortiz-Romeu, VP, global head of cybersecurity, Techtronic Industries. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Conveyor Happy Friday. Hope there isn't a fresh security questionnaire sitting in your inbox right now. If there is, here's something worth knowing. The teams that have fully automated their customer security reviews didn't just get a better trust center. They switched to an AI

Cisco posts urgent Webex Services warning Splunk issues fixes for Enterprise vulnerability Git identity spoof tricks Claude into approving bad code Get the show notes here: https://cisoseries.com/cybersecurity-news-cisco-webex-warning-splunks-enterprise-fix-git-spoof-tricks-claude/ Huge thanks to our sponsor, Conveyor Happy Friday. Hope there isn't a fresh security questionnaire sitting in your inbox right now. If there is, here's something worth knowing. The teams that have fully automated their customer security reviews didn't just get a better trust center. They switched to an AI platform built for the whole workflow. Conveyor handles trust center, questionnaire automation, and self-serve

OpenAI rolls out GPT-5.4-Cyber McGraw Hill breach due to Salesforce misconfig Signed adware operation disables antivirus Get the show notes here: https://cisoseries.com/cybersecurity-news-openais-gpt-5-4-cyber-mcgraw-hill-blames-salesforce-for-breach-signed-adware-disables-antivirus/ Huge thanks to our sponsor, Conveyor At some point, every fast-growing SaaS team hits the same wall. The trust center is live. The SOC 2 is published. And somehow the security questionnaires just keep piling up. That's when teams realize a static trust center isn't the finish line. Conveyor is what comes next. AI that completes questionnaires automatically. A trust center customers can actually self-serve. And a knowledge base

Ransomware rivals turn on each other Fake Ledger app drains millions in crypto US Treasury wants access to Mythos Get the show notes here: https://cisoseries.com/cybersecurity-news-ransomware-drama-faked-ledger-app-treasury-wants-mythos/ Huge thanks to our sponsor, Conveyor Your trust center was a great start. But if your team is still manually answering questionnaires and fielding sales questions, it hasn't solved the problem. Conveyor goes beyond a trust center. You get a living knowledge library your AI keeps up to date, questionnaire automation that handles any format, and a self-serve experience so customers and sales teams get answers

Claude Mythos Preview's cyber capabilities Anodot hack leaves breached companies facing extortion wolfSSL library flaw enables forged certificate use Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-mythos-previews-capabilities-anodot-breached-companies-face-extortion-wolfssl-flaw-enables-forged-certificates/ Huge thanks to our sponsor, Conveyor Three tools to manage customer security reviews is two too many. Most teams start with a trust center, bolt on a questionnaire tool, and end up with a knowledge base nobody trusts and a Slack channel full of sales pings anyway. Conveyor replaces all of it. Trust center, questionnaire automation, self-serve for sales, AI-managed knowledge library, one platform. Companies like

A quick announcement: we're moving our Department of Know livestream to Fridays at 4pm ET/1 pm PT. The format will remain the same. We hope to see you there.

Adobe patches months-old Reader zero-day Critical Marimo flaw now under active exploitation Hackers claim control over Venice anti-flood pumps Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/ Huge thanks to our sponsor, Conveyor Still manually filling out security questionnaires even though you have a trust center? A starter trust center is table stakes and the best security teams have moved way past that. Conveyor gives you an agentic trust center, AI questionnaire automation, and a self-serve layer so sales can move deals forward without pinging you every five minutes. Companies like Atlassian and

Google API keys in Android apps expose Gemini endpoints Acrobat Reader zero-day flaw exploited since December Cryptocurrency ATM company Bitcoin Depot reports cyberattack Check out our show notes here: https://cisoseries.com/cybersecurity-news-android-api-exposure-acrobat-reader-zero-day-bitcoin-depot-cyberattack/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Ransomware knocks Dutch healthcare vendor offline APT28 is keeping busy CIA quietly elevated its cyber espionage division Check out our show notes here: https://cisoseries.com/cybersecurity-news-chipsoft-popped-apt28-updates-cia-cyber-espionage-elevation/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Anthropic announces Project Glasswing U.S. seeks to slash CISA funding Russia-linked hackers hijack routers for passwords Check out our show notes here: https://cisoseries.com/cybersecurity-news-anthropics-project-glasswing-cisa-funding-in-doubt-routers-hijacked-for-passwords/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Drift says exploit was North Korean intelligence operation GitHub used in multi-stage attacks targeting South Korea Data leak threatened after Die Linke attack Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Link to episode page This week's Department of Know is hosted by Sarah Lane, with guests Jack Kufahl, CISO, Michigan Medicine, and Adam Palmer, CISO, First Hawaiian Bank. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals

36 Malicious npm packages exploited to deploy persistent implants Hundreds of millions to be cut from CISA in proposed budget Hackers exploit React2Shell in automated credential theft campaign Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving.

250,000 affected by data Breach at Texas hospital CISA says, "patch Citrix NetScaler bug by Thursday" Researchers uncover mining operation using ISO lures Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Apple pushes new patches over DarkSword FBI: US surveillance hack is major incident Cisco code stolen in Trivy-linked breach Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com

HTTP client introduces malicious dependency TeamPCP testing the open source supply chain Claude source code leaked Get the show notes here: https://cisoseries.com/cybersecurity-news-axios-poisoned-teampcp-details-claude-code-leaked/ Huge thanks to our sponsor, ThreatLocker Least privilege isn't about distrusting users — it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com

macOS Terminal gets ClickFix attacks Russian court sentences 'Flint' over card fraud CareCloud probes data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-macos-terminal-clickfix-attacks-russian-court-sentences-flint-carecloud-probes-data-breach/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place — controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on

FBI confirms theft of director's personal emails Lloyds customer data exposed in IT glitch Hundreds of valid API keys discovered on the Web Get the show notes here: https://cisoseries.com/cybersecurity-news-fbi-email-theft-lloyds-bank-glitch-api-keys-running-loose/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com

Alleged RedLine dev extradited to US Red Menshen uses BPFDoor to spy Former NSA chiefs worry US cybersecurity is slipping Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-alleged-redline-dev-extradited-red-menshen-spies-with-bpfdoor-is-us-cybersecurity-slipping/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Torg Grabber targets crypto wallets TeamPCP backdoors LiteLLM GitHub adds AI security bug detection Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-torg-grabber-targets-crypto-teampcp-backdoors-litellm-github-ai-bug-detection/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com

FCC bans foreign routers Drone activity disrupts AWS region Crunchyroll confirmed data leak Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-fcc-router-ban-drone-hit-aws-crunchroll-leak/ Huge thanks to our sponsor, ThreatLocker Least privilege isn't about distrusting users — it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com

New DarkSword exploit hits GitHub Gemini AI agents scour the dark web Trivy supply chain attack expands Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-darksword-exploit-hits-github-gemini-ai-agents-scour-dark-web-trivy-supply-chain-attack-expands/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place — controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com

Law enforcement seizes botnet infrastructure California city and LA transit agency report cybersecurity issues Microsoft Azure Monitor alerts used for callback phishing attacks Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-cybersecurity-news-international-botnet-takedown-california-city-ransomed-azure-monitor-phishing/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at

Critical Microsoft SharePoint flaw now exploited in attacks 1stProtect reveals endpoint security platform intended to prevent cyberattacks in real time CISA urges U.S. organizations to secure Microsoft Intune systems following Stryker breach Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-critical-sharepoint-flaw-real-time-cyberattack-prevention-cisas-intune-warning/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they

DarkSword emerges from suspected Russian hackers "ShieldGuard" dismantled after malware discovery North Korea's fake IT worker army rakes in $500M/year Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the

Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and

Stryker hospital tools safe, digital ordering services down Models apply to be the face of AI scams Cybercrime up 245% since Iran conflict Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-stryker-hospital-tools-safe-models-apply-to-power-ai-scams-cybercrime-up-245/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes — it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jonathan Waldrop, CISO, Acoustic, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive

Payload Ransomware group claims breached of Royal Bahrain Hospital Canadian food retailer Loblaw confirms data breach New York cyber regulations for water organizations launch in 2027 Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-royal-bahrain-hospital-breach-canadas-loblaw-breached-new-york-water-laws/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice.

Iran boosts cyberattacks VENON targets Brazilian banks England Hockey investigates breach Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-iran-boosts-cyberattacks-venon-targets-brazilian-banks-england-hockey-investigates-breach/ Huge thanks to our sponsor, Dropzone AI If you are heading to RSAC next week, here are three things worth seeing at the Dropzone AI Diner. Booth 455, South Expo Hall. One: watch their AI SOC agents investigate real alerts live, with every reasoning step exposed. Two: meet the AI Threat Hunter, the newest agent joining the team. Three: enter the investigation competition and go head to head against

Meta apps offer new scam protection Google's Wiz acquisition finalized China curbs state-run OpenClaw use Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-meta-offers-scam-protection-googles-wiz-acquisition-finalized-china-curbs-openclaw-use/ Huge thanks to our sponsor, Dropzone AI Here is something worth asking any AI security vendor you meet at RSAC. Can you show me exactly what your AI did? Not just the verdict. The reasoning. Every tool it queried, every piece of evidence, every step it took to get there. Most cannot. Dropzone AI can. Every investigation is fully transparent. You do not have to

NSA and Cyber Command head confirmed Russians targeting encrypted messaging app users OpenAI rolls out vulnerability scanner Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-march-11-2026/ Huge thanks to our sponsor, Dropzone AI Remember yesterday's 3 AM threat intel? Here is how it plays out with Dropzone AI. The intelligence drops. Dropzone picks it up, turns it into a threat hunt, and runs it across your SIEM, EDR, and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog. That is the AI Threat

InstallFix attacks spread fake Claude code sites UNC4899 breaches crypto firm via trojanized file UK launches cyber-fraud crackdown unit Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-installfix-spreads-fake-claude-sites-unc4899-breaches-crypto-uk-cyber-fraud-crackdown/ Huge thanks to our sponsor, Dropzone AI It is 3 AM. New threat intelligence drops. An attack pattern targeting your industry. Your threat hunting team is four people, all on day shift, and already behind on last week's hunts. By the time someone gets to it, the window for early detection has closed. The attacker is already inside. Tomorrow, I will

Link to episode page This week's Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University Thanks to our show sponsor, Dropzone AI Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of

FBI investigates suspicious activities on agency network Over 100 GitHub repositories distributing BoryptGrab stealer Hackers abuse .arpa DNS and ipv6 to evade phishing defenses Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-fbi-network-breach-github-distributes-stealer-hackers-abuse-arpa/ Huge thanks to our sponsor, Dropzone AI Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of those alerts.

Apple blocks ByteDance Chinese apps Google says 90 zero-days were exploited in attacks last year Iran intelligence backdoored U.S. bank, airport, software outfit networks Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-blocks-bytedance-googles-90-zero-days-iran-backdoors-u-s-organizations/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or

Possible iPhone-hacking toolkit used by spies Hacker mass-mails HungerRush extortion emails Tycoon 2FA phishing platform dismantled Get the show notes here: https://cisoseries.com/cybersecurity-news-iphone-hacking-toolkit-used-by-spies-hungerrush-extortion-emails-tycoon-phishing-platform-dismantled/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic

Quantum decryption gets theoretically easier OpenAI alters the deal with the Pentagon South Korea leaks crypto keys for all to see Get the show notes here: https://cisoseries.com/cybersecurity-news-quantum-decryption-openais-deal-south-korea-leaks-crypto-keys/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause

Chrome unveils quantum-safe certificates Vulnerability allowed hijacking Gemini Live UK warns of Iranian cyberattack risks Get the show notes here: https://cisoseries.com/cybersecurity-news-chrome-quantum-safe-certificates-gemini-live-vulnerability-uk-warns-of-iranian-cyberattacks/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes — it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dan Holden, CISO, Commerce, and Mark Eggleston, CISO, CSC Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing,

Gottumukkala ousted as CISA Director Ron Wyden blocks Rudd confirmation to lead Cyber Command, NSA Hackers Weaponize Claude Code in Mexican government cyberattack Get the show notes here: https://cisoseries.com/cybersecurity-news-gottumukkala-ousted-wyden-blocks-rudd-hackers-weaponize-claude/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to

iPhone and iPad cleared for classified NATO work U.S. Education and Healthcare targeted with Dohdoor backdoor Trend Micro warns of critical Apex One code execution flaws Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-nato-adopts-apple-education-and-healthcare-backdoor-apex-one-flaws/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content

Google disrupts UNC2814 3M+ impacted by TriZetto breach Cisco bug exploited since 2023 Get links to all of today's news in our show notes here: Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights

Threat actors break out in under 30 minutes Claude allegedly hit with distillation attacks DeFi platform shutting down after crypto theft Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-hacked-in-30-minutes-claude-distillation-defi-shutdown-after-attack/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families.

140k affected by US healthcare breach Data advocates warn against replicating humans Shai-Hulud-like worm targets developers Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-us-healthcare-breach-affects-140k-experts-warn-against-replicating-humans-shai-hulud-like-worm-targets-devs/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes — it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Montez Fitzpatrick, CISO, Navvis, and Peter Gregory, author. Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. AI is changing phishing, because persuasion now scales like code. And it's not just email anymore; attackers hit SMS, voice calls, and multi-step scams that jump channels. Adaptive runs AI-powered phishing simulations across email, SMS, and voice, including OSINT-based spearphishing

Arkanix Stealer – the new AI info-stealer experiment AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks Russia stepping up hybrid attacks, preparing for confrontation with West Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-arkanix-was-poc-600-fortinet-firewalls-breach-russia-heightens-tension/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default

CISA orders urgent patch of Dell flaw Android malware uses Gemini to navigate infected devices Half of all cyberattacks start in the browser, says Palo Alto Networks Get the full show notes here: https://cisoseries.com/cybersecurity-news-cisas-dell-order-android-ai-malware-browsers-as-weak-link/ Huge thanks to our sponsor, Conveyor Most of what Conveyor automates is boring. Like really boring. Security questionnaires. Customer requests for things like your SOC 2. All of their follow-up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a