Latest from today

News Analysis: Critical infrastructure under attack: Flaws becoming weapon of choice
While phishing and stolen credentials remain frequent points of entry, overexposure and poor patch management of critical systems are increasingly fueling attackers’ appetites for disruption.
By John Leyden. May 23, 2025. 7 mins. Topics: Critical Infrastructure, Cyberattacks, Vulnerabilities

Feature: Top 12 US cities for cybersecurity job and salary growth
By Eric Frank. May 22, 2025. 17 mins. Topics: Careers, IT Jobs, Salaries

Feature: Threat intelligence platform buyer’s guide: Top vendors, selection advice
By David Strom. May 21, 2025. 10 mins. Topics: Enterprise Buyer’s Guides, Risk Management, Threat and Vulnerability Management

News Analysis: Prompt injection flaws in GitLab Duo highlights risks in AI assistants
By Lucian Constantin. May 22, 2025. 5 mins. Topics: Code Editors, Generative AI, Security

News: Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
By Lucian Constantin. May 22, 2025. 5 mins. Topics: Identity and Access Management, Phishing, Vulnerabilities

News: BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover
By Lucian Constantin. May 21, 2025. 7 mins. Topics: Active Directory, Identity and Access Management, Vulnerabilities

Feature: 4 ways to safeguard CISO communications from legal liabilities
By Cynthia Brumfield. May 20, 2025. 9 mins. Topics: CSO and CISO, Legal, Regulation

Feature: 8 security risks overlooked in the rush to implement AI
By John Leyden. May 19, 2025. 7 mins. Topics: Application Security, Data and Information Security, Risk Management

How-To: How phones get hacked: 7 common attack methods explained
By Josh Fruhlinger. May 15, 2025. 15 mins. Topics: DLP Software, Identity Management Solutions, iPhone

More security news

news: Over 91% of companies sacrifice hybrid cloud security in the AI adoption rush
New data shows that a surge in AI and hybrid cloud architectures is creating dangerous gaps, and security teams can’t keep up.
By Mastufa Ahmed. May 23, 2025. 4 mins. Topics: Cloud Security, Security

news: Beijing may have breached US government systems before Cityworks plugged a critical flaw
Talos' research revealed that Chinese hackers are actively exploiting the flaw to execute code and attempt persistence on vulnerable systems.
By Shweta Sharma. May 23, 2025. 4 mins. Topics: Security, Vulnerabilities

news: Feds and Microsoft crush Lumma Stealer that stole millions of passwords
Lumma Stealer operation hit 400,000 computers worldwide before coordinated takedown shut down Russian cybercrime kingpin.
By Gyana Swain. May 22, 2025. 4 mins. Topics: Cybercrime, Security

news: Samlify bug lets attackers bypass single sign-on
The critical flaw can let an attacker authenticate as an admin with maximum system privileges.
By Shweta Sharma. May 22, 2025. 3 mins. Topics: Identity and Access Management, Security, Vulnerabilities

news: M&S says it will respond to April cyberattack by accelerating digital transformation plans
As the profit hit from the incident reaches $400 million, company says it will compress a two-year upgrade project into six months.
By John E. Dunn. May 21, 2025. 2 mins. Topics: Cyberattacks, Digital Transformation, Security

news: Critical flaw in OpenPGP.js raises alarms for encrypted email services
It could pose a serious risk to services like Proton Mail that use OpenPGP.js for client-side encryption.
By Prasanth Aby Thomas. May 21, 2025. 4 mins. Topics: Encryption, Vulnerabilities

news: Trust becomes an attack vector in the new campaign using trojanized KeePass
The attack’s success hinged on exploiting the assumed safety of open-source tools and the ease of impersonating legitimate software online.
By Shweta Sharma. May 21, 2025. 4 mins. Topics: Malware, Security

news analysis: GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and respond.
By Evan Schuman. May 21, 2025. 5 mins. Topics: GitHub, Identity and Access Management, Software Development

news: Poor DNS hygiene is leading to domain hijacking
Infoblox says crooks are finding and taking over ‘dangling’ CNAME records for scams.
By Howard Solomon. May 20, 2025. 7 mins. Topics: Cybercrime, Malware, Security

news: Skitnet malware: The new ransomware favorite
The modular malware is tailor-made for ransomware as it features dedicated plugins for theft, encryption, and persistence.
By Shweta Sharma. May 20, 2025. 3 mins. Topics: Malware, Ransomware, Security

news: Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
During Pwn2Own hacking contest, participants were asked to compromise Microsoft Windows 11, Mozilla Firefox, VMware Workstation, NVIDIA Container Toolkit among other well-known systems.
By Lucian Constantin. May 19, 2025. 7 mins. Topics: Hacking, Vulnerabilities, Zero-Day Vulnerabilities

news: A spoof antivirus makes Windows Defender disable security scans
In a proof-of-concept, a security researcher demonstrated how the Windows Security Center API can be used to block the scans by Microsoft’s built-in antivirus tool.
By Shweta Sharma. May 19, 2025. 3 mins. Topics: Anti Malware, Vulnerabilities, Windows Security

Explore a topic: Generative AI, Application Security, Business Continuity, Business Operations, Careers, Cloud Security, Compliance, Critical Infrastructure, Cybercrime, Identity and Access Management, Industry, IT Leadership, Network Security, Physical Security

Spotlight: Advancing IT Leadership
Managing IT is very complex and requires great skill. Leading IT requires even more, as it goes beyond technology into business strategy and inspiring people. Get the latest insights here on effective IT leadership.
Popular topics

Generative AI

news: AI in incident response: from smoke alarms to predictive intelligence
By Shweta Sharma. Apr 21, 2025. 5 mins. Topics: Generative AI, Incident Response, Security

feature: Two ways AI hype is worsening the cybersecurity skills crisis
By Aimee Chanthadavong. Apr 21, 2025. 9 mins. Topics: Artificial Intelligence, Careers, Generative AI

opinion: When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems
By Christopher Whyte. Apr 18, 2025. 7 mins. Topics: CSO and CISO, Generative AI, Security Practices

Cybercrime

brandpost (Sponsored by Action 1): You’ve already been targeted: Why patch management is mission-critical
May 20, 2025. 4 mins. Topics: Cyberattacks, Cybercrime, Endpoint Protection

news analysis: Cybercriminals switch up their top initial access vectors of choice
By John Leyden. Apr 25, 2025. 6 mins. Topics: Cyberattacks, Incident Response, Phishing

opinion: Why DEI is key for a cyber safe future
By Bridget Chan, Camille Stewart Gloster and Katelyn Ringrose. Apr 8, 2025. 5 mins. Topics: Cybercrime, Diversity and Inclusion, Human Resources

Careers

feature: The rise of vCISO as a viable cybersecurity career path
By Ericka Chickowski. May 12, 2025. 16 mins. Topics: CSO and CISO, Careers, IT Leadership

news: CrowdStrike cuts 500 jobs in AI pivot, but flags risks
By Mastufa Ahmed. May 8, 2025. 4 mins. Topics: Artificial Intelligence, Careers, IT Jobs

feature: Neurohacks to outsmart stress and make better cybersecurity decisions
By Aimee Chanthadavong. May 2, 2025. 7 mins. Topics: CSO and CISO, Careers, Data Breach

IT Leadership

opinion: India-Pakistan conflict underscores your C-suite’s need to prepare for war
By Christopher Burgess. May 8, 2025. 7 mins. Topics: Business Continuity, IT Leadership, Risk Management

feature: Download the ‘AI-Savvy IT Leadership Strategies’ Enterprise Spotlight
By CIO staff. May 1, 2025. 1 min. Topics: IT Leadership, IT Strategy

feature: Reporting lines: Could separating from IT help CISOs?
By Rosalyn Page. Apr 28, 2025. 8 mins. Topics: CSO and CISO, IT Leadership, Security

In depth

Feature: Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean. Mar 27, 2024. 10 mins. Topics: Data and Information Security

Podcasts

podcasts (Sponsored by Microsoft Security): Strengthen and Streamline Your Security
This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Topics: Data and Information Security

Ep. 03: Episode 3: The Zero Trust Model
Jun 28, 2023. 15 mins. Topics: CSO and CISO, Multifactor Authentication, Remote Work

Ep. 04: Episode 4: Reduce SOC burnout
Jun 28, 2023. 15 mins. Topics: CSO and CISO, Phishing, Remote Work

Upcoming Events

25/Jun, in-person event: FutureIT Dallas
Jun 25, 2025. Union Station. Topics: Application Security, Artificial Intelligence, Events

17/Jul, in-person event: FutureIT New York
Jul 17, 2025. Convene-New York, NY. Topics: Data and Information Security, Events

11/Aug-13/Aug, in-person event: CIO 100 Symposium & Awards
Aug 11, 2025. Fairmont Princess, Scottsdale AZ. Topics: Business Continuity, Events, IT Leadership

Show me more

news: CSO30 Australia Awards 2025: Nominations now open
By Cathy O'Sullivan. May 20, 2025. 3 mins. Topics: IT Leadership, Security

news: ‘Would rather pay bounty than ransom’: Coinbase on $20M extortion attempt
By Shweta Sharma. May 16, 2025. 3 mins. Topics: Ransomware, Security

feature: How to establish an effective AI GRC framework
By Bob Violino. May 16, 2025. 10 mins. Topics: Compliance, IT Governance, Risk Management

podcast: CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry
Mar 20, 2025. 13 mins. Topics: CSO and CISO, Financial Services Industry, Security Operations Center

podcast: CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers
Feb 12, 2025. 27 mins. Topics: Security

podcast: CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe
Aug 7, 2024. 17 mins. Topics: CSO and CISO

video: Standard Chartered’s Alvaro Garrido on AI threats and what CIOs/CISOs must know in their AI journey
Apr 10, 2025. 14 mins. Topics: CIO, CSO and CISO, Financial Services Industry

video: CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry
Mar 20, 2025. 13 mins. Topics: CSO and CISO, Financial Services Industry, Security Operations Center

video: CSO Executive Sessions: How cybersecurity impacts company ratings – A fey factor for investors and consumers
Feb 12, 2025. 27 mins. Topics: Security