Latest from todayHow-ToHow to justify your security investments Budget discussions are tiresome because cyber risks and expenses are rising in tandem. CISOs should therefore align their arguments with business objectives.By Chritstoph SchuhwerkDec 11, 20256 minsC-SuiteCSO and CISOIT Leadership News Fortinet admins urged to update software to close FortiCloud SSO holesBy Howard SolomonDec 10, 20254 minsAccess ControlIdentity and Access ManagementSingle Sign-onNews Making cybercrime illegal won't stop it; making cybersec research legal mayBy Maxwell CooterDec 10, 20255 minsCybercrimeGovernmentIndustry News AnalysisHidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fixBy Lucian Constantin Dec 10, 20256 minsApplication SecuritySecuritySoftware Development NewsHundreds of Ivanti EPM systems exposed online as critical flaw patchedBy Gyana Swain Dec 10, 20255 minsEndpoint ProtectionSecurityVulnerabilities OpinionBehind the breaches: Case studies that reveal adversary motives and modus operandiBy Suren Reddy Dec 10, 20257 minsCyberattacksCybercrimeData Breach OpinionQuantum meets AI: The next cybersecurity battlegroundBy Nathaniel Adeniyi Akande Dec 10, 20257 minsData and Information SecurityEncryptionIT Strategy FeaturePolymorphic AI malware exists — but it’s not what you thinkBy Ax Sharma Dec 10, 20259 minsCybercrimeGenerative AIMalware News AnalysisKey cybersecurity takeaways from the 2026 NDAABy Cynthia Brumfield Dec 10, 202510 minsGovernmentGovernment ITSecurity ArticlesnewsGitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environmentsWiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud environments. By Taryn Plumb Dec 9, 2025 6 minsCloud SecurityGitHubSecuritynewsDecember Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploitedAttacker with local access could escalate privileges, Microsoft warns; analyst calls it ‘the most urgent concern’ this month.By Howard Solomon Dec 9, 2025 7 minsSecurity SoftwareThreat and Vulnerability ManagementZero-Day VulnerabilitiesnewsGemini for Chrome gets a second AI agent to watch over itGoogle acknowledged the prompt injection risks in its browsing assistant, deploying a ‘user alignment critic’ to vet its actionsBy Gyana Swain Dec 9, 2025 5 minsArtificial IntelligenceBrowser SecurityEndpoint ProtectionopinionRacks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you thinkToday’s outages hit harder, so smart redundancy — backed by good policies, automation and testing — is the only way to keep traffic flowing when things inevitably break.By Olatunde Olasehan Dec 9, 2025 8 minsBusiness ContinuityCloud SecuritySecuritybrandpostSponsored by CyberNewsWireSpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by MalwareBy Cyber NewsWire – Paid Press Release Dec 5, 2025 5 minsCloud SecurityCyberattacksCybercrimefeatureSpotlight: Making the most of multicloudFor IT leaders navigating multicloud environments, success depends on strategic alignment across business units, robust governance frameworks, and proactive security postures. While multicloud offers agility and vendor flexibility, it also introduces challenges in visibility, compliance, and developer productivity. In this special report, you’ll learn how to take advantage of the benefits of using multiple clouds, avoid common pitfalls, and ensure that multicloud is worth the investment. By CSO Staff Dec 9, 2025 1 minCloud SecurityEnterprise Buyer’s GuidesfeatureIgnoring AI in the threat chain could be a costly mistake, experts warnWhile some researchers dismiss reports of AI-driven cyberattacks as merely marketing messages, threat intel experts counter that CISOs ignore mounting evidence of AI use in the threat chain at their own peril.By Cynthia Brumfield Dec 9, 2025 9 minsArtificial IntelligenceCyberattacksSecuritynewsManufacturing fares better against ransomware — with room for improvementAlthough defenses have improved, more than half of the affected manufacturing companies pay ransom, with 39% suffering data loss, according to a recent survey.By Julia Mutzbauer Dec 9, 2025 2 minsCybercrimeMalwareRansomwarenewsApache Tika hit by critical vulnerability thought to be patched months agoThe scope of an old PDF parsing flaw has been widened to include more Tika modules.By John E. Dunn Dec 8, 2025 3 minsApplication SecurityDevelopment ToolsVulnerabilitiesopinionWhen it comes to security resilience, cheaper isn’t always betterChasing the cheapest vendors feels great — until a breach wipes out the “savings”; real wins come when procurement bakes resilience into every decision.By Maman Ibrahim Dec 8, 2025 11 minsBudgetingIT ManagementSecuritynewsKeep AI browsers out of your enterprise, warns GartnerThey’re already in use but may lead to “irreversible and untraceable” data loss, analysts said.By Gyana Swain Dec 8, 2025 5 minsArtificial IntelligenceBrowser SecurityEndpoint ProtectionfeatureOffensive security takes center stage in the AI eraA growing percentage of CISOs see OffSec as a must-have for improving their overall security posture — especially as AI cyber threats and threats to AI infrastructure rise.By Mary K. Pratt Dec 8, 2025 8 minsArtificial IntelligenceSecuritySecurity PracticesinterviewVaillant CISO: NIS2 complexity and lack of clarity endanger its missionRaphael Reiß, CISO at EU HVAC giant Vaillant Group, explains what cyber challenges his industry faces, including how to operate in a complex regulatory environment.By Julia Mutzbauer Dec 8, 2025 5 minsComplianceData and Information SecurityLaws and Regulations Show more Show less View all Resources whitepaper Modernizing Core Infrastructure for AI-Ready SaaS Apps: Mastering the Art of Application Delivery As a NetOps professional or Cloud Architect, you know that modern SaaS applications aren’t just about code The post Modernizing Core Infrastructure for AI-Ready SaaS Apps: Mastering the Art of Application Delivery appeared first on Whitepaper Repository –. By F5 10 Dec 2025Application ManagementCloudSecurity whitepaper Modernizing Core Infrastructure for AI-Ready SaaS Apps: Unlocking XOps Agility By F5 10 Dec 2025Application ManagementCloudSecurity whitepaper From Chat to Agents: Operationalizing AI at Scale By Glean 01 Dec 2025Artificial IntelligenceIT LeadershipSecurity View all Podcasts podcastsCyber Sessions with Joan GoodchildCybersecurity is constantly evolving, and so are the leaders who shape it. Hosted by veteran journalist Joan Goodchild, Cyber Sessions brings candid conversations with top CISOs, strategists, and industry influencers. Each episode cuts through the noise to explore the trends, challenges, and leadership insights that define the future of security.4 episodesSecuritySecurity Practices Ep. 04 CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan Goodchild Jun 20, 202327 mins CSO and CISOSecurity Infrastructure Ep. 03 Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan Goodchild Jun 20, 202327 mins Artificial IntelligenceCSO and CISOPhishing Video on demand video What is the NIST Cybersecurity Framework? How risk management strategies can mitigate cyberattacks Recently, U.S. Cyber Command confirmed it has acted against ransomware groups, underscoring the importance of cybersecurity to national security. Effective risk management frameworks, such as the NIST Cybersecurity Framework, can help organizations assess risk and mitigate or protect against ransomware attacks or other cyber incidents. Cynthia Brumfield, analyst, CSO Online contributor and author of the new book, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework”, joins Juliet to discuss what the NIST framework is and how IT teams can apply its advice to best protect their organizations. Dec 21, 2021 18 minsRisk ManagementSecurity HP turns to zero trust to defend against emerging threats Nov 5, 2021 25 mins HPSecurityZero Trust Closing the skills gap with smarter cybersecurity hiring and team development Oct 30, 2021 33 mins HiringIT Skills and TrainingSecurity Preparing for XDR: What CISOs should be doing now Oct 22, 2021 23 mins SecurityThreat and Vulnerability Management See all videos Explore a topicApplication SecurityBusiness ContinuityBusiness OperationsCareersCloud SecurityComplianceCritical InfrastructureCybercrimeIdentity and Access ManagementIndustryIT LeadershipNetwork SecurityPhysical SecurityPrivacyView all topics Show me morePopularArticlesPodcastsVideos opinion How can staff+ security engineers force-multiply their impact? By Priyank DesaiDec 10, 202510 mins IT LeadershipIT ManagementStaff Management news Warning: React2Shell vulnerability already being exploited by threat actors By Howard SolomonDec 5, 20255 mins CyberattacksCybercrimeDevelopment Tools news Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report By John E. DunnDec 5, 20254 mins GovernmentGovernment ITSecurity Practices podcast CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan GoodchildDec 10, 202527 mins CSO and CISOSecurity Infrastructure podcast Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan GoodchildDec 3, 202527 mins Artificial IntelligenceCSO and CISOPhishing podcast The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College Nov 19, 202523 mins CyberattacksCybercrimeRisk Management video CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan GoodchildDec 10, 202527 mins CSO and CISOSecurity Infrastructure video Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan GoodchildDec 3, 202527 mins Artificial IntelligenceCSO and CISOPhishing video The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College Nov 19, 202523 mins CyberattacksCybercrimeRisk Management