Latest from todayfeature11 hottest IT security certs for higher pay todayCybersecurity certifications can pave a path to lucrative career advancement. But timing the job market with the right credentials can be challenging. Here are the certs providing the largest pay boosts right now.By Eric Frank21 Mar 202511 minsCertificationsIT SkillsIT Training feature How CISOs are approaching staffing diversity with DEI initiatives under pressureBy Linda Rosencrance20 Mar 20259 minsCSO and CISOHuman ResourcesIT Leadershipfeature That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s tollBy Cynthia Brumfield19 Mar 20258 minsBusiness IT AlignmentC-SuiteCSO and CISO news analysisCritical remote code execution flaw patched in Veeam backup serversBy Lucian Constantin 20 Mar 20254 minsData and Information SecurityRemote Access SecurityVulnerabilities newsNew Windows zero-day feared abused in widespread espionage for yearsBy Shweta Sharma 20 Mar 20253 minsSecurityWindows SecurityZero-Day Vulnerabilities opinionDOGE’s cost-cutting database dives offer cybersecurity pros vital lessons in cloud securityBy Susan Bradley 20 Mar 20255 minsAccess ControlCloud SecurityIdentity and Access Management news analysisAttack time frames are shrinking rapidly. Here’s how cyber teams can copeBy David Strom 18 Mar 20256 minsCyberattacksMalwareVulnerabilities featureNot all cuts are equal: Security budget choices disproportionately impact riskBy John Leyden 18 Mar 20258 minsBudgetData BreachIT Strategy feature7 misconceptions about the CISO roleBy Esther Shein 17 Mar 202511 minsBusiness IT AlignmentCSO and CISORisk Management More security newsnewsAttackers probing backdoor flaw in popular Cisco Smart Licensing Utility, warns SANSInformation on the critical flaw was made public in September; patches should be applied ASAP, says SANS Technology Institute.By John E. Dunn 21 Mar 2025 1 minNetwork SecurityVulnerabilitiesnewsCISA marks NAKIVO’s critical backup vulnerability as actively exploitedIt took NAKIVO over a month to acknowledge the vulnerability and “silently” patch it.By Shweta Sharma 21 Mar 2025 3 minsSecurityVulnerabilitiesnewsDevelopers: apply these 10 mitigations first to prevent supply chain attacksCurrent cybersecurity development risk frameworks don’t cover all of the tactics hackers used to compromise SolarWinds, log4j, or XZ Utils, says report, which offers a 'starter kit' of critical tasks. By Howard Solomon 20 Mar 2025 1 minDevopsSoftware DevelopmentThreat and Vulnerability ManagementnewsSignal threatens to leave France if encryption backdoor requiredJust as it did with Sweden, Signal is refusing to stay in a territory that undermines its encryption strategy arguing that a backdoor in France would undermine protections for users worldwide.By Evan Schuman 20 Mar 2025 1 minData PrivacyData and Information SecurityEncryptionnewsUK cyber agency suggests 2035 deadline to move to quantum-safe encryption, warns of threatsThe total cost of migration could be substantial, making early budgeting essential for enterprises.By Prasanth Aby Thomas 20 Mar 2025 3 minsEncryptionSecuritynewsAbout 22k WAB customers impacted by a zero-day attack on a third-party vendorIn letters to the affected customers, Western Alliance Bank said sensitive information including their financial account and social security numbers may have been compromised.By Shweta Sharma 19 Mar 2025 4 minsData BreachSecurityZero-Day VulnerabilitiesnewsGitHub suffers a cascading supply chain attack compromising CI/CD secretsThe CISA has confirmed that the cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.By Gyana Swain 19 Mar 2025 1 minData BreachDeveloperSecuritynews analysisCritical vulnerability in AMI MegaRAC BMC allows server takeoverAMI MegaRAC baseband management controller vulnerability enables attackers to bypass authentication on the Redfish API and deploy malware implants or brick servers.By Lucian Constantin 18 Mar 2025 6 minsAuthenticationVulnerabilitiesnewsCloudflare expands security portfolio with network-powered posture managementCloudflare enters security posture management arena using network-based discovery.By Sean Michael Kerner 18 Mar 2025 1 minCloud SecuritynewsAlphabet agrees to buy Israel’s Wiz, expanding its cloud security reachWiz had rejected the previous proposal in July 2024 due to regulatory concerns.By Prasanth Aby Thomas 18 Mar 2025 3 minsCloud SecurityMergers and AcquisitionsTechnology IndustrynewsTomcat PUT to active abuse as Apache deals with critical RCE flawThe vulnerability affecting Apache Tomcat can be exploited with a simple PUT request to achieve full RCE.By Shweta Sharma 18 Mar 2025 3 minsVulnerabilitiesnewsAlphabet in advanced talks to buy Israel’s Wiz, expanding cloud security reachWiz had rejected the previous proposal in July 2024 due to regulatory concerns.By Prasanth Aby Thomas 18 Mar 2025 3 minsCloud SecurityMergers and AcquisitionsTechnology Industry Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Managing Modern Risks Articles Buyer’s Guide Staying secure is of course critical, but there are many risks beyond security that enterprise IT must consider. We explore emerging risks that warrant your attention. View all Popular topicsGenerative AI how-toGenerative AI red teaming: Tips and techniques for putting LLMs to the testBy Chris Hughes 13 Mar 2025 8 minsGenerative AIHackingPenetration Testing newsMicrosoft files lawsuit against LLMjacking gang that bypassed AI safeguardsBy Lucian Constantin 28 Feb 2025 4 minsCybercrimeGenerative AIThreat and Vulnerability Management feature5 things to know about ransomware threats in 2025By Rosalyn Page 27 Feb 2025 9 minsData and Information SecurityGenerative AIRansomware View topic Cybercrime newsUS charges 12 Chinese hackers in major government-backed espionage campaignBy Gyana Swain 06 Mar 2025 5 minsCybercrimeSecurity newsFake captcha attacks are increasing, say expertsBy Howard Solomon 20 Feb 2025 6 minsCyberattacksCybercrimeMalware newsAuthorities seize Phobos and 8Base ransomware servers, arrest 4 suspectsBy Lucian Constantin 11 Feb 2025 3 minsCybercrimeRansomware View topic Careers feature8 obstacles women still face when seeking a leadership role in ITBy Christina Wood 07 Mar 2025 2 minsCareersIT Leadership news analysis60% of cybersecurity pros looking to change employersBy John Leyden 06 Mar 2025 5 minsCareersIT Leadership featureThe CSO guide to top security conferencesBy CSO Staff 28 Feb 2025 10 minsApplication SecurityEventsTechnology Industry View topic IT Leadership opinionThe cybersecurity product sales process is broken, but it doesn’t have to beBy Tyler Farrar 12 Mar 2025 6 minsBusiness IT AlignmentBusiness Process ManagementCSO and CISO featureCISOs and CIOs forge vital partnerships for business successBy Beth Stackpole 10 Mar 2025 10 minsBusiness IT AlignmentCSO and CISOIT Strategy featureWhat is risk management? Quantifying and mitigating uncertaintyBy Josh Fruhlinger 07 Mar 2025 10 minsIT Governance FrameworksIT LeadershipRisk Management View topic Upcoming Events15/May in-person event FutureIT Los Angeles15 May 2025The Biltmore Data and Information SecurityEvents 25/Jun in-person event FutureIT Dallas25 Jun 2025Union Station Application SecurityArtificial IntelligenceEvents 17/Jul in-person event FutureIT New York17 Jul 2025Convene-New York, NY Data and Information SecurityEvents View all events In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins CSO and CISOMultifactor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Fortinet Public-private partnerships: A catalyst for industry growth and maturity By Derek Manky 20 Mar 20255 mins Security brandpost Sponsored by CyberNewsWire SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats By Cyber NewsWire – Paid Press Release 19 Mar 20256 mins CyberattacksSecurity brandpost Sponsored by Tines New research reveals security's biggest AI challenges – and two potential solutions By Tines 18 Mar 20255 mins Security podcast CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry 20 Mar 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center podcast CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO video CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry 20 Mar 202513 mins CSO and CISOFinancial Services IndustrySecurity Operations Center video CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers 12 Feb 202527 mins Security video CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe? 26 Jan 202518 mins Security