Latest from today

Feature: Polymorphic AI malware exists — but it’s not what you think
Understanding AI malware and how to separate real operational risk from vendor hype.
By Ax Sharma | 10 Dec 2025 | 9 mins | Cybercrime, Generative AI, Malware

Feature: Ignoring AI in the threat chain could be a costly mistake, experts warn
By Cynthia Brumfield | 9 Dec 2025 | 9 mins | Artificial Intelligence, Cyberattacks, Security

Feature: Offensive security takes center stage in the AI era
By Mary K. Pratt | 8 Dec 2025 | 8 mins | Artificial Intelligence, Security, Security Practices

Feature: How CISOs can prepare for the new era of short-lived TLS certificates
By Andrada Fiscutean | 3 Dec 2025 | 9 mins | Data and Information Security, Encryption, Network Security

How-To: Key questions CISOs must ask before adopting AI-enabled cyber solutions
By Neal Weinberg | 2 Dec 2025 | 9 mins | Application Security, Artificial Intelligence, Data and Information Security

Feature: 12 signs the CISO-CIO relationship is broken — and steps to fix it
By Mary K. Pratt | 1 Dec 2025 | 11 mins | C-Suite, CSO and CISO, Security Practices

News Analysis: RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
By Lucian Constantin | 4 Dec 2025 | 5 mins | Artificial Intelligence, Generative AI, Vulnerabilities

How-To: CSPM buyer’s guide: How to choose the best cloud security posture management tools
By Linda Rosencrance and David Strom | 27 Nov 2025 | 11 mins | Cloud Security, Data and Information Security, Threat and Vulnerability Management

News Analysis: AI browsers can be tricked with malicious prompts hidden in URL fragments
By Lucian Constantin | 27 Nov 2025 | 5 mins | Artificial Intelligence, Browser Security, Endpoint Protection

More security news

news: Fortinet admins urged to update software to close FortiCloud SSO holes
Vulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is complete.
By Howard Solomon | 11 Dec 2025 | 4 mins | Access Control, Identity and Access Management, Single Sign-on

news: Making cybercrime illegal won't stop it; making cybersec research legal may
The UK and Portugal are looking to give protection to ethical hackers to allow them to find and report vulnerabilities without fear of prosecution.
By Maxwell Cooter | 11 Dec 2025 | 5 mins | Cybercrime, Government, Industry

news analysis: Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to guard against — but not likely to expect.
By Lucian Constantin | 11 Dec 2025 | 6 mins | Application Security, Security, Software Development

news: Hundreds of Ivanti EPM systems exposed online as critical flaw patched
Unauthenticated attackers can hijack admin sessions at companies managing enterprise endpoints
By Gyana Swain | 11 Dec 2025 | 5 mins | Endpoint Protection, Security, Vulnerabilities

news: GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud environments.
By Taryn Plumb | 10 Dec 2025 | 6 mins | Cloud Security, GitHub, Security

news: December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited
Attacker with local access could escalate privileges, Microsoft warns; analyst calls it ‘the most urgent concern’ this month.
By Howard Solomon | 10 Dec 2025 | 7 mins | Security Software, Threat and Vulnerability Management, Zero-Day Vulnerabilities

news: Gemini for Chrome gets a second AI agent to watch over it
Google acknowledged the prompt injection risks in its browsing assistant, deploying a ‘user alignment critic’ to vet its actions
By Gyana Swain | 10 Dec 2025 | 5 mins | Artificial Intelligence, Browser Security, Endpoint Protection

news: Manufacturing fares better against ransomware — with room for improvement
Although defenses have improved, more than half of the affected manufacturing companies pay ransom, with 39% suffering data loss, according to a recent survey.
By Julia Mutzbauer | 9 Dec 2025 | 2 mins | Cybercrime, Malware, Ransomware

news: Apache Tika hit by critical vulnerability thought to be patched months ago
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
By John E. Dunn | 9 Dec 2025 | 3 mins | Application Security, Development Tools, Vulnerabilities

news: Keep AI browsers out of your enterprise, warns Gartner
They’re already in use but may lead to “irreversible and untraceable” data loss, analysts said.
By Gyana Swain | 9 Dec 2025 | 5 mins | Artificial Intelligence, Browser Security, Endpoint Protection

news: Warning: React2Shell vulnerability already being exploited by threat actors
It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.
By Howard Solomon | 6 Dec 2025 | 5 mins | Cyberattacks, Cybercrime, Development Tools

news: Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report
Committee calls for a more comprehensive review of ‘shadow communication’ app use in DoD.
By John E. Dunn | 6 Dec 2025 | 4 mins | Government, Government IT, Security Practices

Spotlight: Making the most of multicloud

For IT leaders navigating multicloud environments, success depends on strategic alignment across business units, robust governance frameworks, and proactive security postures. While multicloud offers agility and vendor flexibility, it also introduces challenges in visibility, compliance, and developer productivity. In this special report, you’ll learn how to take advantage of the benefits of using multiple clouds, avoid common pitfalls, and ensure that multicloud is worth the investment.

Popular topics

IT Leadership

opinion: Cybersecurity isn’t underfunded — It’s undermanaged
By JC Gaillard | 12 Dec 2025 | 7 mins | C-Suite, CSO and CISO, IT Strategy

how-to: How to justify your security investments
By Christoph Schuhwerk | 11 Dec 2025 | 6 mins | C-Suite, CSO and CISO, IT Leadership

opinion: How can staff+ security engineers force-multiply their impact?
By Priyank Desai | 11 Dec 2025 | 10 mins | IT Leadership, IT Management, Staff Management

Generative AI

opinion: From code to boardroom: A GenAI GRC approach to supply chain risk
By Adetunji Adebayo | 22 Nov 2025 | 7 mins | Generative AI, IT Governance, Risk Management

news: Anthropic AI-powered cyberattack causes a stir
By Julia Mutzbauer | 19 Nov 2025 | 2 mins | Cyberattacks, Cybercrime, Generative AI

news: Anthropic’s AI used in automated attacks
By Mikael Markander | 15 Nov 2025 | 1 min | Artificial Intelligence, Generative AI, Security

Careers

feature: Coach or mentor: What you need depends on where you are as a cyber leader
By Deb Radcliff | 4 Dec 2025 | 8 mins | C-Suite, CSO and CISO, Mentoring

news: Microsoft gives Windows admins a legacy migration headache with WINS sunset
By John E. Dunn | 2 Dec 2025 | 6 mins | Endpoint Protection, Network Administrator, Windows Security

opinion: The CISO’s paradox: Enabling innovation while managing risk
By Solomon Adote | 2 Dec 2025 | 6 mins | C-Suite, CSO and CISO, Innovation

Hear from the Experts

Feature: Beyond CVE: The hunt for other sources of vulnerability intel
Were the CVE program to be discontinued, security teams would have a hard time finding one resource that would function with the same impact across the board. Here are current issues of relying on CVE and some existing options to look into.
By Jaikumar Vijayan | 30 Jun 2025 | 8 mins | Threat and Vulnerability Management, Vulnerabilities

Show me more

opinion: Behind the breaches: Case studies that reveal adversary motives and modus operandi
By Suren Reddy | 11 Dec 2025 | 7 mins | Cyberattacks, Cybercrime, Data Breach

opinion: Quantum meets AI: The next cybersecurity battleground
By Nathaniel Adeniyi Akande | 11 Dec 2025 | 7 mins | Data and Information Security, Encryption, IT Strategy

news analysis: Key cybersecurity takeaways from the 2026 NDAA
By Cynthia Brumfield | 10 Dec 2025 | 10 mins | Government, Government IT, Security

podcast: CISO Reality: Record Pay, Rising Pressure, and Retention Risk
By Joan Goodchild | 11 Dec 2025 | 27 mins | CSO and CISO, Security Infrastructure

podcast: Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense
By Joan Goodchild | 4 Dec 2025 | 27 mins | Artificial Intelligence, CSO and CISO, Phishing

podcast: The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College
20 Nov 2025 | 23 mins | Cyberattacks, Cybercrime, Risk Management

video: CISO Reality: Record Pay, Rising Pressure, and Retention Risk
By Joan Goodchild | 11 Dec 2025 | 27 mins | CSO and CISO, Security Infrastructure

video: Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense
By Joan Goodchild | 4 Dec 2025 | 27 mins | Artificial Intelligence, CSO and CISO, Phishing

video: The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College
20 Nov 2025 | 23 mins | Cyberattacks, Cybercrime, Risk Management