Latest from today

[news] Attackers probing backdoor flaw in popular Cisco Smart Licensing Utility, warns SANS
Information on the critical flaw was made public in September; patches should be applied ASAP, says SANS Technology Institute.
By John E. Dunn, 21 Mar 2025, 1 min. Topics: Network Security, Vulnerabilities

[news] CISA marks NAKIVO’s critical backup vulnerability as actively exploited
By Shweta Sharma, 21 Mar 2025, 3 mins. Topics: Security, Vulnerabilities

[feature] 11 hottest IT security certs for higher pay today
By Eric Frank, 21 Mar 2025, 11 mins. Topics: Certifications, IT Skills, IT Training

[news] Developers: apply these 10 mitigations first to prevent supply chain attacks
By Howard Solomon, 20 Mar 2025, 1 min. Topics: Devops, Software Development, Threat and Vulnerability Management

[news analysis] Critical remote code execution flaw patched in Veeam backup servers
By Lucian Constantin, 20 Mar 2025, 4 mins. Topics: Data and Information Security, Remote Access Security, Vulnerabilities

[news] Signal threatens to leave France if encryption backdoor required
By Evan Schuman, 20 Mar 2025, 1 min. Topics: Data Privacy, Data and Information Security, Encryption

[news] New Windows zero-day feared abused in widespread espionage for years
By Shweta Sharma, 20 Mar 2025, 3 mins. Topics: Security, Windows Security, Zero-Day Vulnerabilities

[news] UK cyber agency suggests 2035 deadline to move to quantum-safe encryption, warns of threats
By Prasanth Aby Thomas, 20 Mar 2025, 3 mins. Topics: Encryption, Security

[feature] How CISOs are approaching staffing diversity with DEI initiatives under pressure
By Linda Rosencrance, 20 Mar 2025, 9 mins. Topics: CSO and CISO, Human Resources, IT Leadership

CSO Executive Sessions

[video] CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry
Mandy Andress – CISO at Elastic – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about how large language models are offering a countermeasure against AI risks, how banks can integrate them with existing SIEM systems, and more.
20 Mar 2025, 13 mins. Topics: CSO and CISO, Financial Services Industry, Security Operations Center

CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers
12 Feb 2025, 27 mins. Topics: Security

CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe?
26 Jan 2025, 18 mins. Topics: Security

CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2)
14 Nov 2024, 15 mins. Topics: Critical Infrastructure, IT Governance, Supply Chain

More security news

[news] About 22k WAB customers impacted by a zero-day attack on a third-party vendor
In letters to the affected customers, Western Alliance Bank said sensitive information including their financial account and social security numbers may have been compromised.
By Shweta Sharma, 19 Mar 2025, 4 mins. Topics: Data Breach, Security, Zero-Day Vulnerabilities

[news] GitHub suffers a cascading supply chain attack compromising CI/CD secrets
The CISA has confirmed that the cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
By Gyana Swain, 19 Mar 2025, 1 min. Topics: Data Breach, Developer, Security

[news analysis] Critical vulnerability in AMI MegaRAC BMC allows server takeover
AMI MegaRAC baseband management controller vulnerability enables attackers to bypass authentication on the Redfish API and deploy malware implants or brick servers.
By Lucian Constantin, 18 Mar 2025, 6 mins. Topics: Authentication, Vulnerabilities

[news] Cloudflare expands security portfolio with network-powered posture management
Cloudflare enters security posture management arena using network-based discovery.
By Sean Michael Kerner, 18 Mar 2025, 1 min. Topics: Cloud Security

[news] Alphabet agrees to buy Israel’s Wiz, expanding its cloud security reach
Wiz had rejected the previous proposal in July 2024 due to regulatory concerns.
By Prasanth Aby Thomas, 18 Mar 2025, 3 mins. Topics: Cloud Security, Mergers and Acquisitions, Technology Industry

[news] Tomcat PUT to active abuse as Apache deals with critical RCE flaw
The vulnerability affecting Apache Tomcat can be exploited with a simple PUT request to achieve full RCE.
By Shweta Sharma, 18 Mar 2025, 3 mins. Topics: Vulnerabilities

[news] Alphabet in advanced talks to buy Israel’s Wiz, expanding cloud security reach
Wiz had rejected the previous proposal in July 2024 due to regulatory concerns.
By Prasanth Aby Thomas, 18 Mar 2025, 3 mins. Topics: Cloud Security, Mergers and Acquisitions, Technology Industry

[news analysis] Attack time frames are shrinking rapidly. Here’s how cyber teams can cope
With attackers spending far less time hidden in systems, organizations must break down security silos and increase cross-tool integration to accelerate detection and response.
By David Strom, 18 Mar 2025, 6 mins. Topics: Cyberattacks, Malware, Vulnerabilities

[news] White House exempts cyber pros from mass layoffs; Judge reinstates CISA firings
Even as the Trump administration continues its campaign to fire government workers, a judge’s ruling and a White House plea offer a glimmer of hope that federally employed infosec professionals may be spared the worst of DOGE’s slash-and-burn strategy.
By Cynthia Brumfield, 17 Mar 2025, 4 mins. Topics: Government IT, Security

[news] Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
By Howard Solomon, 17 Mar 2025, 1 min. Topics: Data Breach, GitHub, Open Source

[news] FCC creates national security council to counter cyber threats from China
The new cross-agency initiative emerges months after the disbanding of previous cybersecurity advisory bodies.
By Gyana Swain, 17 Mar 2025, 5 mins. Topics: Security, Technology Industry

[news] GitHub accounts targeted with fake security alerts
The alerts trick users into authorizing a malicious OAuth application capable of a full account takeover.
By Shweta Sharma, 17 Mar 2025, 2 mins. Topics: Phishing, Security

Spotlight: Managing Modern Risks

Staying secure is of course critical, but there are many risks beyond security that enterprise IT must consider. We explore emerging risks that warrant your attention.

Popular topics

Cybercrime

[news] US charges 12 Chinese hackers in major government-backed espionage campaign
By Gyana Swain, 06 Mar 2025, 5 mins. Topics: Cybercrime, Security

[news] Microsoft files lawsuit against LLMjacking gang that bypassed AI safeguards
By Lucian Constantin, 28 Feb 2025, 4 mins. Topics: Cybercrime, Generative AI, Threat and Vulnerability Management

[news] Fake captcha attacks are increasing, say experts
By Howard Solomon, 20 Feb 2025, 6 mins. Topics: Cyberattacks, Cybercrime, Malware

Careers

[feature] 8 obstacles women still face when seeking a leadership role in IT
By Christina Wood, 07 Mar 2025, 2 mins. Topics: Careers, IT Leadership

[news analysis] 60% of cybersecurity pros looking to change employers
By John Leyden, 06 Mar 2025, 5 mins. Topics: Careers, IT Leadership

[feature] The CSO guide to top security conferences
By CSO Staff, 28 Feb 2025, 10 mins. Topics: Application Security, Events, Technology Industry

IT Leadership

[feature] That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll
By Cynthia Brumfield, 19 Mar 2025, 8 mins. Topics: Business IT Alignment, C-Suite, CSO and CISO

[feature] 7 misconceptions about the CISO role
By Esther Shein, 17 Mar 2025, 11 mins. Topics: Business IT Alignment, CSO and CISO, Risk Management

[opinion] The cybersecurity product sales process is broken, but it doesn’t have to be
By Tyler Farrar, 12 Mar 2025, 6 mins. Topics: Business IT Alignment, Business Process Management, CSO and CISO

In depth

[feature] Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean, 27 Mar 2024, 10 mins. Topics: Data and Information Security

Show me more

[brandpost, sponsored by Fortinet] Public-private partnerships: A catalyst for industry growth and maturity
By Derek Manky, 20 Mar 2025, 5 mins. Topics: Security

[opinion] DOGE’s cost-cutting database dives offer cybersecurity pros vital lessons in cloud security
By Susan Bradley, 20 Mar 2025, 5 mins. Topics: Access Control, Cloud Security, Identity and Access Management

[brandpost, sponsored by CyberNewsWire] SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats
By Cyber NewsWire – Paid Press Release, 19 Mar 2025, 6 mins. Topics: Cyberattacks, Security

[podcast] CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry
20 Mar 2025, 13 mins. Topics: CSO and CISO, Financial Services Industry, Security Operations Center

[podcast] CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers
12 Feb 2025, 27 mins. Topics: Security

[podcast] CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe
07 Aug 2024, 17 mins. Topics: CSO and CISO

[video] CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1)
04 Nov 2024, 19 mins. Topics: Critical Infrastructure, Security, Supply Chain

[video] CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry
23 Oct 2024, 10 mins. Topics: Financial Services Industry, Security

[video] CSO Executive Sessions: New World Development’s Dicky Wong on securing critical infrastructure
16 Oct 2024, 12 mins. Topics: Critical Infrastructure, Security