Latest from todayFeaturePolymorphic AI malware exists — but it’s not what you thinkUnderstanding AI malware and how to separate real operational risk from vendor hype.By Ax SharmaDec 10, 20259 minsCybercrimeGenerative AIMalware Feature Ignoring AI in the threat chain could be a costly mistake, experts warnBy Cynthia BrumfieldDec 9, 20259 minsArtificial IntelligenceCyberattacksSecurityFeature Offensive security takes center stage in the AI eraBy Mary K. PrattDec 8, 20258 minsArtificial IntelligenceSecuritySecurity Practices News AnalysisKey cybersecurity takeaways from the 2026 NDAABy Cynthia Brumfield Dec 10, 202510 minsGovernmentGovernment ITSecurity NewsDecember Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploitedBy Howard Solomon Dec 9, 20257 minsSecurity SoftwareThreat and Vulnerability ManagementZero-Day Vulnerabilities NewsGitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environmentsBy Taryn Plumb Dec 9, 20256 minsCloud SecurityGitHubSecurity NewsManufacturing fares better against ransomware — with room for improvementBy Julia Mutzbauer Dec 9, 20252 minsCybercrimeMalwareRansomware NewsKeep AI browsers out of your enterprise, warns GartnerBy Gyana Swain Dec 8, 20255 minsArtificial IntelligenceBrowser SecurityEndpoint Protection NewsChinese cyberspies target VMware vSphere for long-term persistenceBy Lucian Constantin Dec 5, 20254 minsAdvanced Persistent ThreatsCyberattacksCybercrime More security newsnewsFortinet admins urged to update software to close FortiCloud SSO holesVulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is complete.By Howard Solomon Dec 10, 2025 4 minsAccess ControlIdentity and Access ManagementSingle Sign-onnewsMaking cybercrime illegal won't stop it; making cybersec research legal mayThe UK and Portugal are looking to give protection to ethical hackers to allow them to find and report vulnerabilities without fear of prosecution.By Maxwell Cooter Dec 10, 2025 5 minsCybercrimeGovernmentIndustrynews analysisHidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fixResearcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to guard against — but not likely to expect.By Lucian Constantin Dec 10, 2025 6 minsApplication SecuritySecuritySoftware DevelopmentopinionHow can staff+ security engineers force-multiply their impact?Consider some ideas on how to be an effective security leader who multiplies outcomes, not workloads.By Priyank Desai Dec 10, 2025 10 minsIT LeadershipIT ManagementStaff ManagementnewsHundreds of Ivanti EPM systems exposed online as critical flaw patchedUnauthenticated attackers can hijack admin sessions at companies managing enterprise endpointsBy Gyana Swain Dec 10, 2025 5 minsEndpoint ProtectionSecurityVulnerabilitiesopinionBehind the breaches: Case studies that reveal adversary motives and modus operandiThese breach case studies reveal cybercriminals are messy, conflicted and recruiting openly. Understanding their motives is key to staying ahead.By Suren Reddy Dec 10, 2025 7 minsCyberattacksCybercrimeData BreachopinionQuantum meets AI: The next cybersecurity battlegroundAs AI and quantum collide, we get huge leaps in power — along with a scramble to secure our data, trust the results and brace for a fast-approaching Q-Day.By Nathaniel Adeniyi Akande Dec 10, 2025 7 minsData and Information SecurityEncryptionIT StrategynewsGemini for Chrome gets a second AI agent to watch over itGoogle acknowledged the prompt injection risks in its browsing assistant, deploying a ‘user alignment critic’ to vet its actionsBy Gyana Swain Dec 9, 2025 5 minsArtificial IntelligenceBrowser SecurityEndpoint ProtectionopinionRacks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you thinkToday’s outages hit harder, so smart redundancy — backed by good policies, automation and testing — is the only way to keep traffic flowing when things inevitably break.By Olatunde Olasehan Dec 9, 2025 8 minsBusiness ContinuityCloud SecuritySecurityfeatureSpotlight: Making the most of multicloudFor IT leaders navigating multicloud environments, success depends on strategic alignment across business units, robust governance frameworks, and proactive security postures. While multicloud offers agility and vendor flexibility, it also introduces challenges in visibility, compliance, and developer productivity. In this special report, you’ll learn how to take advantage of the benefits of using multiple clouds, avoid common pitfalls, and ensure that multicloud is worth the investment. By CSO Staff Dec 9, 2025 1 minCloud SecurityEnterprise Buyer’s GuidesnewsApache Tika hit by critical vulnerability thought to be patched months agoThe scope of an old PDF parsing flaw has been widened to include more Tika modules.By John E. Dunn Dec 8, 2025 3 minsApplication SecurityDevelopment ToolsVulnerabilitiesopinionWhen it comes to security resilience, cheaper isn’t always betterChasing the cheapest vendors feels great — until a breach wipes out the “savings”; real wins come when procurement bakes resilience into every decision.By Maman Ibrahim Dec 8, 2025 11 minsBudgetingIT ManagementSecurity Show more Show less Video on demand video CISO Reality: Record Pay, Rising Pressure, and Retention Risk In this edition of Cyber Sessions, host Joan Goodchild talks with IANS researcher Nick Kakolowski about why midmarket CISOs now earn record-high pay but are still are stretched thin by expanding responsibilities and limited resources. By Joan Goodchild Dec 10, 2025 27 minsCSO and CISOSecurity Infrastructure Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan Goodchild Dec 3, 2025 27 mins Artificial IntelligenceCSO and CISOPhishing The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College Nov 19, 2025 23 mins CyberattacksCybercrimeRisk Management Inside Black Hat: Andy Ellis on vendor buzzwords, AI hype, and the future of the CISO role By Joan Goodchild Nov 12, 2025 31 mins Black HatCSO and CISOCyberattacks See all videos Explore a topicGenerative AIApplication SecurityBusiness ContinuityBusiness OperationsCareersCloud SecurityComplianceCritical InfrastructureCybercrimeIdentity and Access ManagementIndustryIT LeadershipNetwork SecurityPhysical SecurityView all topics Spotlight: Making the most of multicloud Articles Buyer’s Guide For IT leaders navigating multicloud environments, success depends on strategic alignment across business units, robust governance frameworks, and proactive security postures. While multicloud offers agility and vendor flexibility, it also introduces challenges in visibility, compliance, and developer productivity. In this special report, you’ll learn how to take advantage of benefits of using multiple clouds, avoid common pitfalls, and ensure that multicloud is worth the investment. View all Popular topicsGenerative AI news analysisRCE flaw in OpenAI’s Codex CLI highlights new risks to dev environmentsBy Lucian Constantin Dec 3, 2025 5 minsArtificial IntelligenceGenerative AIVulnerabilities opinionFrom code to boardroom: A GenAI GRC approach to supply chain riskBy Adetunji Adebayo Nov 21, 2025 7 minsGenerative AIIT GovernanceRisk Management newsAnthropic AI-powered cyberattack causes a stirBy Julia Mutzbauer Nov 18, 2025 2 minsCyberattacksCybercrimeGenerative AI View topic Cybercrime newsWarning: React2Shell vulnerability already being exploited by threat actorsBy Howard Solomon Dec 5, 2025 5 minsCyberattacksCybercrimeDevelopment Tools newsCoupang breach of 33.7 million accounts allegedly involved engineer insiderBy 이지현 and CSO Staff Dec 4, 2025 5 minsCyberattacksData BreachE-commerce Services newsSuspicious traffic could be testing CDN evasion, says expertBy Howard Solomon Dec 4, 2025 5 minsCybercrimeMalwareSecurity View topic Careers featureCoach or mentor: What you need depends on where you are as a cyber leaderBy Deb Radcliff Dec 4, 2025 8 minsC-SuiteCSO and CISOMentoring newsMicrosoft gives Windows admins a legacy migration headache with WINS sunsetBy John E. Dunn Dec 1, 2025 6 minsEndpoint ProtectionNetwork AdministratorWindows Security opinionThe CISO’s paradox: Enabling innovation while managing riskBy Solomon Adote Dec 1, 2025 6 minsC-SuiteCSO and CISOInnovation View topic IT Leadership how-toHow to justify your security investmentsBy Chritstoph Schuhwerk Dec 11, 2025 6 minsC-SuiteCSO and CISOIT Leadership opinionAvoiding the next technical debt: Building AI governance before it breaksBy Marco Túlio Moraes Dec 5, 2025 7 minsArtificial IntelligenceIT GovernanceRisk Management feature12 signs the CISO-CIO relationship is broken — and steps to fix itBy Mary K. Pratt Dec 1, 2025 11 minsC-SuiteCSO and CISOSecurity Practices View topic In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsCyber Sessions with Joan GoodchildCybersecurity is constantly evolving, and so are the leaders who shape it. Hosted by veteran journalist Joan Goodchild, Cyber Sessions brings candid conversations with top CISOs, strategists, and industry influencers. Each episode cuts through the noise to explore the trends, challenges, and leadership insights that define the future of security.4 episodesSecuritySecurity Practices Ep. 04 CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan Goodchild Jun 28, 202327 mins CSO and CISOSecurity Infrastructure Ep. 03 Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan Goodchild Jun 28, 202327 mins Artificial IntelligenceCSO and CISOPhishing Show me moreLatestArticlesPodcastsVideos interview Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission By Julia MutzbauerDec 8, 20255 mins ComplianceData and Information SecurityLaws and Regulations news Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report By John E. DunnDec 5, 20254 mins GovernmentGovernment ITSecurity Practices opinion Hardening browser security with zero-trust controls By Sunil GentyalaDec 5, 202514 mins Browser SecurityEndpoint ProtectionSecurity podcast CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan GoodchildDec 10, 202527 mins CSO and CISOSecurity Infrastructure podcast Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan GoodchildDec 3, 202527 mins Artificial IntelligenceCSO and CISOPhishing podcast The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College Nov 19, 202523 mins CyberattacksCybercrimeRisk Management video CSO Executive Sessions ASEAN: Leading the Charge on Cyber Agility for Southeast Asia’s Digital Future By Estelle QuekOct 2, 202521 mins Cloud SecurityCyberattacksThreat and Vulnerability Management video CSO Executive Session ASEAN: Navigating the Cyber Battleground, Strengthening Southeast Asia’s Digital Defense By Estelle QuekSep 23, 202541 mins CyberattacksThreat and Vulnerability ManagementZero Trust video CSO Executive Session ASEAN: Navigating sophisticated cyberthreats in the Southeast Asia region By Estelle QuekSep 15, 202548 mins CybercrimeRansomware