
Cybersecurity Headlines
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
Episodes
The Department of Know: PeopleSoft exploit, Ford brings back gray beards, LLM vetting
This week's Department of Know is hosted by Rich Stroffolino, with guests David Cross, CISO, Atlassian; Kathleen Mullin, Director, SABSA Institute; Montez Fitzpatrick, CISO, Navvis; and Howard Holton, former CEO, GigaOm. Get the show notes here: https://cisoseries.com/the-department-of-know-peoplesoft-exploit-ford-brings-back-gray-beards-llm-vetting/ Huge thanks to our sponsor, Silent Push Mo
Consumer security worries, Vought supervises spy budgets, Fortibleed exposes Fortinet
Card data theft remains top concern for U.S. consumers OMB chief to oversee spy agency budgets Fortibleed leads to ransomware attacks and 430,000 Fortinet firewalls exposed Get the show notes here: https://cisoseries.com/cybersecurity-news-consumer-security-worries-vought-supervises-spy-budgets-fortibleed-exposes-fortinet/ Huge thanks to our sponsor, Silent Push Most cybersecurity approaches are
Hide My Email bug shows real addresses, Fable 5 gets the greenlight, Microsoft Teams hits back on AI bots
Hide My Email bug shows real addresses Fable 5 gets the greenlight DHS confirms hackers breached HSIN Get the show notes here: https://cisoseries.com/cybersecurity-news-hide-my-email-shows-real-addresses-fable-5-gets-greenlight-microsoft-teams-hits-back-on-bots/ Huge thanks to our sponsor, Silent Push Most cybersecurity approaches are completely reactive. Victim organizations are hit with an att
Bash hits AI, DHS announces ANCHOR-CI, Aikido buys Root
Bash can spell trouble GNU for AI agents DHS to unveil critical infrastructure council Aikido buys Root Get the show notes here: https://cisoseries.com/cybersecurity-news-bash-hits-ai-dhs-announces-anchor-ci-aikido-buys-root/ Huge thanks to our sponsor, Silent Push Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues. Silen
US seizes illegal World Cup domains, WhatsApp offers usernames for phone privacy, $10M reward for Russia-based cyber campaign
US seizes illegal World Cup domains WhatsApp offers usernames for phone number privacy $10M reward for Russia-based cyber campaign Get the show notes here: https://cisoseries.com/cybersecurity-news-us-seizes-illegal-world-cup-domains-whatsapp-offers-usernames-for-phone-privacy-10m-reward-for-cyber-campaign/ Huge thanks to our sponsor, Silent Push Most cybersecurity approaches are completely reac
CISA's Cisco deadline, China's Mythos competitor, Amazon Q flaw
CISA sets urgent deadline to fix exploited Cisco flaw Chinese cybersecurity company claims it has a better-than-Mythos bug finder Amazon Q flaw enables cloud credential theft Get the show notes here: https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/ Huge thanks to our sponsor, Silent Push Most cybersecurity approaches are completely reactive.
ShinyHunters hits MSG, Cal Water confirms no damage, CISA SASE guide
ShinyHunters hits Madison Square Garden Cal Water finds no evidence of OT activity New CISA guide helps agencies adopt SASE for Zero Trust Get the show notes here: https://cisoseries.com/cybersecurity-news-shinyhunters-hits-msg-cal-water-confirms-no-damage-cisa-sase-guide/ Huge thanks to our episode sponsor, Guardsquare Attackers are treating your mobile app like an open book. Sixty-three percent
Copilot AI attacks cybercrime tools, hackers exploit Cisco zero-day, China's 360 vs Mythos
Copilot AI knocks down cybercrime tools Hackers exploit Cisco zero-day China's 360 says it matches Anthropic's Mythos Get the show notes here: https://cisoseries.com/cybersecurity-news-copilot-ai-attacks-cybercrime-tools-hackers-exploit-cisco-zero-day-chinas-360-vs-mythos/ Huge thanks to our episode sponsor, Guardsquare AI is speeding up development, but at what cost? While ninety-six percent o
Feds seize scam infrastructure, Dragos unveils AI for OT security, Scattered Spider hackers plead guilty
Feds seize alleged cyber-scam infrastructure Dragos unveils AI for OT security Scattered Spider hackers plead guilty Get the show notes here: https://cisoseries.com/cybersecurity-news-feds-seize-scam-infrastructure-dragos-unveils-ai-for-ot-security-scattered-spider-hackers-plead-guilty/ Huge thanks to our episode sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't eno
OpenAI takes on Mythos, Klue hits security shops, Five Eyes has eyes on AI
OpenAI takes on Anthropic's Mythos Klue hack hits security shops Five Eyes has eyes on AI models Get the show notes here: https://cisoseries.com/cybersecurity-news-openai-takes-on-mythos-klue-hits-security-shops-five-eyes-has-eyes-on-ai/ Huge thanks to our episode sponsor, Guardsquare Your backend is only as secure as your frontend. Research shows that client-side compromise is now a primary driv
Brazil phone alert hack, Prinz Eugen ransomware, Congress deepfake bill
Hackers suspected in Brazil cell phone alert Prinz Eugen ransomware prioritizes recent files for encryption Congress presents bill to protect people from AI-generated deepfakes Get the show notes here: https://cisoseries.com/cybersecurity-news-brazil-phone-alert-hack-prinz-eugen-ransomware-congress-deepfake-bill/ Huge thanks to our episode sponsor, Guardsquare Mobile app security isn't just a tec
The Department of Know: SearchLeak, Check Point zero-day, and pulling the plug on Fable
This week's Department of Know is hosted by Rich Stroffolino, with guests Arif Hameed, CISO, C&R Software; Adam Palmer, CISO, First Hawaiian Bank; Jon Collins, Field CTO, GigaOm; and Jack Leidecker, EVP, CSO, Gainsight. Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's
Police clean WordPress sites, Klue OAuth breach, Warner's CISA warnings
Police clean up SocGholish-infected sites tied to Evil Corp Klue OAuth breach linked to Icarus Salesforce data theft attacks Warner warns of CISA cuts, staffing gaps in letter to acting chief Get the show notes here: https://cisoseries.com/cybersecurity-news-police-clean-wordpress-sites-klue-oauth-breach-warners-cisa-warnings/ Huge thanks to our sponsor, ThreatLocker Every security leader is be
Anthropic tells G7 to cooperate, Fortinet VPN leak exposes credentials, Crypto Clipper abuses reviews
Anthropic tells G7 to cooperate Fortinet VPN leak exposes credentials Crypto Clipper abuses reviews, narrators, and comments Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-tells-g7-to-cooperate-fortinet-vpn-leak-exposes-credentials-crypto-clipper-abuses-reviews/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now:
Athena coalition, Estonia's quarantine, Arch hit with malware
Athena coalition looks to secure open source Estonia to quarantine Russian email domains Malicious package wave hits Arch Linux Get the show notes here: https://cisoseries.com/cybersecurity-news-athena-coalition-estonias-quarantine-arch-hit-with-malware/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without
Anthropic models defended, FBI shuts down massive phishing service, 1Password acquires Apono
Cyber leaders defend Anthropic's banned models FBI disrupts massive phishing service 1Password acquires Apono Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-models-defended-massive-phishing-service-shuttered-1password-acquires-apono/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation
Feds ban Fable, Maine portal disabled, ShinyHunters exploits Oracle
Feds require Anthropic to ban 'foreign national' access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating u
The Department of Know: CISA's quick patch, Miasma attacks, judge finds AI guilty
This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at
Fortinet patches FortiSandbox, GitHub disables npm scripts, Nottingham University breach
Fortinet patches a new critical FortiSandbox flaw GitHub to disable npm install scripts by default to stop supply chain attacks Nottingham University announces data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-fortinet-patches-fortisandbox-github-disables-npm-scripts-nottingham-university-breach/ Thanks to our episode sponsor, Doppel Social engineering attacks look t
Big Patch Tuesday, 'Nightmare Eclipse' drops Windows 0-day, Claude Fable restricted at Microsoft
Patch Tuesday for the books 'Nightmare Eclipse' drops Windows 0-day Claude Fable restricted at Microsoft Get the show notes here: https://cisoseries.com/cybersecurity-news-big-patch-tuesday-nightmare-eclipse-drops-windows-0-day-claude-fable-restricted-at-microsoft/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar
Fable 5, Tchap hacked, CISA priorities
Anthropic releases Claude Fable 5 French government messaging service breached CISA rethinking risk evaluations Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-fable-5-tchap-hacked-cisa-priorities/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees thro
Claude & Gemini malware, Mythos sneaky flaws, Instagram AI abuse
Microsoft malware hits Claude and Gemini users Mythos can exploit new flaws in hours AI tool abuse behind Instagram hacks Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-gemini-malware-mythos-sneaky-flaws-instagram-ai-abuse/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a cal
CISA Palantir Director, EU tech sovereignty, SolarWinds Serv-U flaw
Palantir executive considered for CISA leadership EU unveils tech sovereignty package to cut reliance on U.S., Chinese suppliers Hackers now exploit SolarWinds Serv-U flaw to crash servers Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-palantir-director-eu-tech-sovereignty-solarwinds-serv-u-flaw/ Thanks to our episode sponsor, Doppel Social engineering attacks look trus
The Department of Know: NVD audit, Meta's leaky AI, Microsoft is closer to quantum
This week's Department of Know is hosted by Rich Stroffolino, with guests Robb Dunewood, host, Daily Tech News Show, and David Cross, CISO, Atlassian. Get the show notes here. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Your team just added its 67th AI to
Chinese cybercrime group, Cisco CM flaw, CISA faces changes
Chinese cybercrime group sets record pace Cisco warns of critical Unified CM flaw with PoC exploit code Hackers spied on a stock exchange executive's Outlook mailbox for five months Get the show notes here: https://cisoseries.com/cybersecurity-news-chinese-cybercrime-group-cisco-cm-flaw-cisa-faces-changes/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfor
Illegal streamers, EU digital sovereignty, cost of a cyber force
Law enforcement cracks down on illegal streamers The European Commission releases digital sovereignty plan The startup costs for US cyber force Get the show notes here: https://cisoseries.com/cybersecurity-news-illegal-streamers-eu-digital-sovereignty-cost-of-a-cyber-force/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th securi
Russia claims officials' surveillance, Project Glasswing expands, CISA flags two-year-old Oracle flaw
Russia claims officials' surveillance Project Glasswing access expands CISA flags two-year-old Oracle flaw Get the show notes here: https://cisoseries.com/cybersecurity-news-russia-claims-officials-surveillance-project-glasswing-expands-cisa-flags-two-year-old-oracle-flaw/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security
Meta AI hands over Instagram access, Dutch police dismantle botnet, RedHat packages backdoored
Meta AI hands over Instagram account access Dutch police dismantle huge botnet RedHat packages get backdoored Get the show notes here: https://cisoseries.com/meta-ai-hands-over-instagram-access-dutch-police-dismantle-botnet-redhat-packages-backdoored/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The goo
GlobalProtect VPN exploited, ChatGPT share links exploits, Feds criticize NIST
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks ChatGPT share links used to host fake outage pages to deliver malware Federal audit reveals NIST's NVD problems Get the show notes here: https://cisoseries.com/cybersecurity-news-globalprotect-vpn-exploited-chatgpt-share-links-exploits-feds-criticize-nist/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th
The Department of Know: Google's CodeMender, CISA's big leak, Torvalds open-source warning
This week's Department of Know is hosted by Rich Stroffolino, with guests Bruce Schneier, chief of security architecture, Inrupt, and Chris Ray, field CTO, GigaOm. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Guardsquare Mobile security incidents are no longer the exception—they are the norm. Last year, seventy-two percent of companies suffered a mobile app security
World Cup fraud, US military location targets, IBM and Red Hat go Project Lightwell
Fraud gang steals from World Cup fans Pentagon says US military targeted by location IBM and Red Hat commit to "Project Lightwell" Check out your show notes here: https://cisoseries.com/cybersecurity-news-world-cup-fraud-us-military-location-targets-ibm-and-red-hat-go-project-lightwell/ Huge thanks to our sponsor, Guardsquare Attackers are treating your mobile app like an open book. Sixty-three p
Glassworm botnet shattered, China overhauls surveillance, Charter confirms ShinyHunters breach
Glassworm botnet gets shattered China overhauls world's biggest surveillance network Charter confirms ShinyHunters data breach Check out your show notes here: https://cisoseries.com/cybersecurity-news-glassworm-botnet-shattered-china-overhauls-surveillance-charter-confirms-shinyhunters-breach/ Huge thanks to our sponsor, Guardsquare AI is speeding up development, but at what cost? While ninety-si
Nimbus Manticore, real-time credential harvesting, the 12-hour patch
Nimbus Manticore learning new tricks Phishing moves to real-time credential harvesting India wants 12-hour patches Check out your show notes here: https://cisoseries.com/cybersecurity-news-nimbus-manticore-real-time-credential-harvesting-12-hour-patches/ Huge thanks to our sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred
Megalodon infects GitHub repositories, Netherlands seizes 800 servers, Ghost CMS exploited for ClickFix attacks
'Megalodon' infects GitHub repositories Netherlands seizes 800 servers over cyberattacks Ghost CMS exploited for ClickFix attacks Check out your show notes here: https://cisoseries.com/cybersecurity-news-megalodon-infects-github-netherlands-server-seize-ghost-cms-exploited-for-clickfix/ Huge thanks to our sponsor, Guardsquare Your backend is only as secure as your frontend. Research shows that cl
Drupal KEV addition, Underminr revives domain fronting, Canadian KimWolf arrest
CISA adds Drupal Core flaw to KEV Underminr hides malicious connections behind trusted domains Canadian man charged with running KimWolf DDoS botnet Check out your show notes here: https://cisoseries.com/cybersecurity-news-drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ Huge thanks to our sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a reven
The Department of Know: Google's CodeMender, CISA's big leak, Torvalds open-source warning
This week's Department of Know is hosted by Rich Stroffolino, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Nick Espinosa, host, Deep Dive Radio Show. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLo
Cisco's 10.0 vulnerability, Microsoft email spammed, Chrome vulnerability surge
Cisco issues 10.0 Secure Workload admin flaw warning Spammers abuse internal Microsoftonline account Google's surge in Chrome vulnerability announcements Get the show notes here: https://cisoseries.com/cybersecurity-news-ciscos-10-0-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint c
GitHub VS Code extension breach, Shai-Hulud npm package compromise, Huawei/Luxembourg telecom link
GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control.
Microsoft hits Fox Tempest, robotics OS flaw, CISA admins leaks keys
Microsoft disrupts malware-signing-as-a-service Critical flaw found in industrial robot OS CISA admin leaks keys Get the show notes here: https://cisoseries.com/cybersecurity-news-microsoft-hits-fox-tempest-robotics-os-flaw-cisa-admins-leaks-keys/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust N
Linus Torvalds talks AI bug hunters, 7-Eleven ransom demand, MENA's new cybercrime op
Linus Torvalds not into AI bug hunters 7-Eleven hit with ransom demand MENA runs new cybercrime op Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust N
Grafana GitHub extortion, Microsoft rejects Azure report, Funnel Builder flaw
Grafana GitHub token breach leads to extortion attempt Microsoft rejects Azure vulnerability report, researcher disputes decision Funnel Builder flaw actively exploited to steal payment data Get the show notes here: https://cisoseries.com/cybersecurity-news-grafan-github-extortion-microsoft-rejects-azure-report-funnel-builder-flaw/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is ext
The Department of Know: GemStuffer attack, AI SBOMs, and AI-created zero-days
This week's Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Doppel Social engineering attacks look trustworth
G7 releases AI SBOM, DELL SupportAssist BSOD, Dirty Frag sequel
G7 countries release AI SBOM guidance Dell confirms its SupportAssist software causes Windows BSOD crashes Dirty Frag sequel arrives as Fragnesia Get the show notes here: https://cisoseries.com/cybersecurity-news-g7-releases-ai-sbom-dell-supportassist-bsod-dirty-frag-sequel/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal e
Foxconn confirms factory attacks, BitLocker zero-day accesses protected drives, MDASH patches Windows flaws
Foxconn confirms North American factory attack BitLocker zero-day accesses protected drives MDASH patches 16 Windows flaws Get the show notes here: https://cisoseries.com/cybersecurity-news-foxconn-factory-attacks-bitlocker-zero-day-accesses-protected-drives-mdash-patches-windows-flaws/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request,
Instructure's agreement, Shai Hulud campaign, OpenAI's Daybreak
Instructure reaches an "agreement" with ShinyHunters Shai Hulud campaign is back OpenAI launches Daybreak Get the show notes here: https://cisoseries.com/cybersecurity-news-instructures-agreement-shai-hulud-campaign-openais-daybreak/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Dop
A.I. software flaw hackers, Forza Horizon 6 leak, Linux kernel hit again
A.I. hackers find software flaw Xbox leaks 'Forza Horizon 6' Linux kernel hit by 2nd flaw Get the show notes here: https://cisoseries.com/cybersecurity-news-a-i-software-flaw-hackers-forza-horizon-6-leak-linux-kernel-hit-again/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel se
New cPanel vulnerabilities, JDownloader delivers malware, Schumer pushes DHS
CPanel, WHM release fixes for three new vulnerabilities Official JDownloader site serves malware to Windows and Linux users Sen. Schumer seeks DHS plan on AI cyber coordination Get the show notes here: https://cisoseries.com/cybersecurity-news-new-cpanel-vulnerabilities-jdownloader-delivers-malware-schumer-pushes-dhs/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look tru
The Department of Know: AI "transformation paradox," Copy Fail chaos, hacked lawnmowers
This week's Department of Know is hosted by Rich Stroffolino, with guests Jonathan Waldrop, CISO, Acoustic, and Jason Elrod, CISO, MultiCare Health System. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Vanta Risk
PAN-OS RCE exploit, Poland water hacks, Ivanti EPMM flaw
PAN-OS RCE exploit under active use enabling root access and espionage Polish intelligence says hackers attacked water treatment control systems Ivanti warns of new EPMM flaw exploited in zero-day attacks Get the show notes here: https://cisoseries.com/cybersecurity-news-pan-os-rce-exploit-poland-water-hacks-ivanti-epmm-flaw/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and
Chrome installs AI model on devices, Daemon Tools disk app backdoored, crypto security exodus
Google Chrome installs 4GB AI model on devices Daemon Tools disk app backdoored in supply-chain attack Crypto's 'decentralised finance' sector hit by investor exodus Get the show notes here: Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one A
Video game supply chain attack, Bleeding Llama, US gets early LLM access
Video game platform hit by supply chain attack Bleeding Llama could expose your data US gets more early LLM access Get the show notes here: https://cisoseries.com/cybersecurity-news-video-game-supply-chain-attack-bleeding-llama-us-gets-early-llm-access/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automat
Instructure discloses breach, DigiCert revokes certificates, Silver Fox targets Indian and Russian orgs
Instructure discloses breach amid leak threats DigiCert revokes certificates Silver Fox targets Indian and Russian orgs Get the show notes here: https://cisoseries.com/cybersecurity-news-instructure-discloses-breach-digicert-revokes-certificates-silver-fox-targets-indian-and-russian-orgs/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security ju
Telegram Mini Apps malware, cPanel is Sorry, patch wave warning
Telegram Mini Apps deliver Android malware CISA orders Federal agencies to patch cPanel bug by Sunday British cyber agency warns of looming 'patch wave' due to speedy AI flaw discovery Get the show notes here: https://cisoseries.com/cybersecurity-news-telegram-mini-apps-malware-cpanel-is-sorry-patch-wave-warning/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers ex
The Department of Know: GitHub drama, AI deletes production data, Claude Security Beta
This week's Department of Know is hosted by Rich Stroffolino, with guests Janet Heins, CISO, ChenMed, and TC Niedzialkowski, Head of IT & Security, Opendoor. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Get the show notes here: https://cisoseries.com/cybersecur
Critical cPanel zero-day, Swiss Black Axe arrests, HHS data center questions
Critical cPanel and WHM bug exploited as zero-day Swiss police arrest suspected members of Black Axe group HHS ponders government posture for protecting data centers Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsquare Attackers are treating your mobile app like an
Roblox hackers arrested, Microsoft 0-day falls short, Dubai scam takedown
Hackers arrested for selling Roblox accounts Microsoft's patch for a 0-day falls short US & China partner on Dubai scam takedown Get the show notes here: https://cisoseries.com/cybersecurity-news-roblox-hackers-arrested-microsoft-0-day-falls-short-dubai-scam-takedown/ Thanks to our episode sponsor, Guardsquare AI is speeding up development, but at what cost? While ninety-six percent of teams now
Agent payments, Russian phishing, LeRobot RCE flaw
FIDO Alliance working on securing AI agent payments Germany suspects Russia in Signal phishing RCE flaw in open-source robotics platform Get the show notes here: https://cisoseries.com/cybersecurity-news-agent-payments-russian-phishing-lerobot-rce-flaw/ Thanks to our episode sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundr
PhantomRPC flaw, Checkmarx GitHub dark web data, PyPI package infostealer
PhantomRPC flaw enables privilege escalation Checkmarx confirms GitHub data hit dark web PyPI package hacked to push infostealer Get the show notes here: https://cisoseries.com/cybersecurity-news-phantomrpc-flaw-checkmarx-github-dark-web-data-pypi-package-infostealer/ Thanks to our episode sponsor, Guardsquare Your backend is only as secure as your frontend. Research shows that client-side compro
ADT data breach, Toronto SMS blasting, pre-Stuxnet malware discovery
ADT says customer data stolen in cyberattack SMS blasting comes to Toronto Researchers find pre-Stuxnet malware targeting engineering software Get the show notes here: https://cisoseries.com/cybersecurity-news-adt-data-breach-toronto-sms-blasting-pre-stuxnet-malware-discovery/ Thanks to our episode sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent gl
The Department of Know: Vercel breach, a "Contagious Interview," and ghost breaches
This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Michael Bickford, former CISO, New York State Gaming Commission. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge
Rituals cosmetics breach, FBI iOS flaw fixed, Teams Helpdesk impersonation
Cosmetics giant Rituals discloses data breach Apple fixes iOS flaw exploited by the FBI Microsoft Teams Helpdesk impersonation Get the show notes here: https://cisoseries.com/cybersecurity-news-rituals-cosmetics-breach-fbi-ios-flaw-fixed-teams-helpdesk-malware-impersonation/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent
New OpenAI cyber product, unauthorized Mythos access, insurers to cap LLMjacking payouts
OpenAI shares cyber product with government orgs Unauthorized Mythos access, Firebox bugs fixed by Mythos Insurers move to cap LLMjacking cyber payouts Get the show notes here: https://cisoseries.com/cybersecurity-news-new-openai-cyber-product-unauthorized-mythos-access-insurers-to-cap-llmjacking-payouts/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpo
CISA lacks Mythos, Lovable's leak by design, YouTube's deepfake detection
CISA lacks Mythos access Lovable denies data leak YouTube opens up deepfake detection tool Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-lacks-mythos-lovables-leak-by-design-youtubes-deepfake-detection/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Tr
Vercel breach, ZionSiphon targets water infrastructure, Bluesky DDoS
Vercel confirms breach, stolen data for sale ZionSiphon targets water infrastructure Bluesky blames outage on DDoS Get the show notes here: https://cisoseries.com/cybersecurity-news-vercel-breach-zionsiphon-targets-water-infrastructure-bluesky-ddos/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Netwo
London hospital ransomware legacy, PowerOFF takedown, Microsoft RedSun zero-day
London hospitals continue to suffer from 2024 ransomware attack Four arrested in PowerOFF takedown Microsoft Defender "RedSun" zero-day Get the show notes here: https://cisoseries.com/cybersecurity-news-london-hospital-ransomware-legacy-poweroff-takedown-microsoft-redsun-zero-day/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their
The Department of Know: Mythos Mayhem, critical infrastructure targeted, NVD changes
This week's Department of Know is hosted by Rich Stroffolino, with guests Andrew Storms, security engineering, Kilo Code, and Eduardo Ortiz-Romeu, VP, global head of cybersecurity, Techtronic Industries. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Conveyor Happy Friday. Hope there isn't a fresh security questionnaire sitting in your inbox righ
Cisco Webex warning, Splunk's Enterprise fix, Git spoof tricks Claude
Cisco posts urgent Webex Services warning Splunk issues fixes for Enterprise vulnerability Git identity spoof tricks Claude into approving bad code Get the show notes here: https://cisoseries.com/cybersecurity-news-cisco-webex-warning-splunks-enterprise-fix-git-spoof-tricks-claude/ Huge thanks to our sponsor, Conveyor Happy Friday. Hope there isn't a fresh security questionnaire sitting in your
OpenAI's GPT-5.4-Cyber, McGraw Hill blames Salesforce for breach, signed adware disables antivirus
OpenAI rolls out GPT-5.4-Cyber McGraw Hill breach due to Salesforce misconfig Signed adware operation disables antivirus Get the show notes here: https://cisoseries.com/cybersecurity-news-openais-gpt-5-4-cyber-mcgraw-hill-blames-salesforce-for-breach-signed-adware-disables-antivirus/ Huge thanks to our sponsor, Conveyor At some point, every fast-growing SaaS team hits the same wall. The trust ce
Ransomware drama, faked Ledger app, Treasury wants Mythos
Ransomware rivals turn on each other Fake Ledger app drains millions in crypto US Treasury wants access to Mythos Get the show notes here: https://cisoseries.com/cybersecurity-news-ransomware-drama-faked-ledger-app-treasury-wants-mythos/ Huge thanks to our sponsor, Conveyor Your trust center was a great start. But if your team is still manually answering questionnaires and fielding sales quest
Claude Mythos Preview's capabilities, Anodot breached companies face extortion, wolfSSL flaw enables forged certificates
Claude Mythos Preview's cyber capabilities Anodot hack leaves breached companies facing extortion wolfSSL library flaw enables forged certificate use Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-mythos-previews-capabilities-anodot-breached-companies-face-extortion-wolfssl-flaw-enables-forged-certificates/ Huge thanks to our sponsor, Conveyor Three tools to manage cus
The Department of Know is Moving to Fridays
A quick announcement: we're moving our Department of Know livestream to Fridays at 4 pm ET/1 pm PT. The format will remain the same. We hope to see you there.
Adobe patches zero-day, Marimo flaw exploited, Venice flood threat
Adobe patches months-old Reader zero-day Critical Marimo flaw now under active exploitation Hackers claim control over Venice anti-flood pumps Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/ Huge thanks to our sponsor, Conveyor Still manually filling out security questionnaires even though you have a trust cente
Android API exposure, Acrobat Reader zero-day, Bitcoin Depot cyberattack
Google API keys in Android apps expose Gemini endpoints Acrobat Reader zero-day flaw exploited since December Cryptocurrency ATM company Bitcoin Depot reports cyberattack Check out our show notes here: https://cisoseries.com/cybersecurity-news-android-api-exposure-acrobat-reader-zero-day-bitcoin-depot-cyberattack/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and custome
ChipSoft popped, APT28 updates, CIA cyber espionage elevation
Ransomware knocks Dutch healthcare vendor offline APT28 is keeping busy CIA quietly elevated its cyber espionage division Check out our show notes here: https://cisoseries.com/cybersecurity-news-chipsoft-popped-apt28-updates-cia-cyber-espionage-elevation/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's
Anthropic's Project Glasswing, CISA funding in doubt, routers hijacked for passwords
Anthropic announces Project Glasswing U.S. seeks to slash CISA funding Russia-linked hackers hijack routers for passwords Check out our show notes here: https://cisoseries.com/cybersecurity-news-anthropics-project-glasswing-cisa-funding-in-doubt-routers-hijacked-for-passwords/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to d
Drift blames exploit on North Korea, GitHub attacks target South Korea, Die Linke breach threatens data leak
Drift says exploit was North Korean intelligence operation GitHub used in multi-stage attacks targeting South Korea Data leak threatened after Die Linke attack Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta Risk and regulat
Department of Know: Axios malware, TeamPCP campaign, New Storm infostealer
This week's Department of Know is hosted by Sarah Lane, with guests Jack Kufahl, CISO, Michigan Medicine, and Adam Palmer, CISO, First Hawaiian Bank. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer
Malicious npm packages, CISA budget cuts, hackers exploit React2Shell
36 malicious npm packages exploited to deploy persistent implants Hundreds of millions to be cut from CISA in proposed budget Hackers exploit React2Shell in automated credential theft campaign Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/ Huge thanks to our episode sponsor, Vanta Risk and regulation ram
Texas hospital breach, CISA orders NetScaler patch, ISO file RAT warning
250,000 affected by data breach at Texas hospital CISA says, "patch Citrix NetScaler bug by Thursday" Researchers uncover mining operation using ISO lures Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successfu
New iOS patches over DarkSword, FBI: surveillance hack is major incident, Cisco code stolen in Trivy-linked breach
Apple pushes new patches over DarkSword FBI: US surveillance hack is major incident Cisco code stolen in Trivy-linked breach Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll