Claim OwnershipCybersecurity Headlines
Subscribed: 1,110Played: 95,879
Subscribe
© 2018-2024 Spark Media Solutions, LLC
Description
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
1704 Episodes
Reverse
Anthropic announces Project Glasswing U.S. seeks to slash CISA funding Russia-linked hackers hijack routers for passwords Check out our show notes here: https://cisoseries.com/cybersecurity-news-anthropics-project-glasswing-cisa-funding-in-doubt-routers-hijacked-for-passwords/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
Drift says exploit was North Korean intelligence operation GitHub used in multi-stage attacks targeting South Korea Data leak threatened after Die Linke attack Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
Link to episode page This week's Department of Know is hosted by Sarah Lane, with guests Jack Kufahl, CISO, Michigan Medicine, and Adam Palmer, CISO, First Hawaiian Bank. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
36 Malicious npm packages exploited to deploy persistent implants Hundreds of millions to be cut from CISA in proposed budget Hackers exploit React2Shell in automated credential theft campaign Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/ Huge thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
250,000 affected by data Breach at Texas hospital CISA says, "patch Citrix NetScaler bug by Thursday" Researchers uncover mining operation using ISO lures Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com
Apple pushes new patches over DarkSword FBI: US surveillance hack is major incident Cisco code stolen in Trivy-linked breach Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com
HTTP client introduces malicious dependency TeamPCP testing the open source supply chain Claude source code leaked Get the show notes here: https://cisoseries.com/cybersecurity-news-axios-poisoned-teampcp-details-claude-code-leaked/ Huge thanks to our sponsor, ThreatLocker Least privilege isn't about distrusting users — it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com
macOS Terminal gets ClickFix attacks Russian court sentences 'Flint' over card fraud CareCloud probes data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-macos-terminal-clickfix-attacks-russian-court-sentences-flint-carecloud-probes-data-breach/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place — controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com
FBI confirms theft of director's personal emails Lloyds customer data exposed in IT glitch Hundreds of valid API keys discovered on the Web Get the show notes here: https://cisoseries.com/cybersecurity-news-fbi-email-theft-lloyds-bank-glitch-api-keys-running-loose/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com
Alleged RedLine dev extradited to US Red Menshen uses BPFDoor to spy Former NSA chiefs worry US cybersecurity is slipping Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-alleged-redline-dev-extradited-red-menshen-spies-with-bpfdoor-is-us-cybersecurity-slipping/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com
Torg Grabber targets crypto wallets TeamPCP backdoors LiteLLM GitHub adds AI security bug detection Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-torg-grabber-targets-crypto-teampcp-backdoors-litellm-github-ai-bug-detection/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com
FCC bans foreign routers Drone activity disrupts AWS region Crunchyroll confirmed data leak Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-fcc-router-ban-drone-hit-aws-crunchroll-leak/ Huge thanks to our sponsor, ThreatLocker Least privilege isn't about distrusting users — it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com
New DarkSword exploit hits GitHub Gemini AI agents scour the dark web Trivy supply chain attack expands Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-darksword-exploit-hits-github-gemini-ai-agents-scour-dark-web-trivy-supply-chain-attack-expands/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place — controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com
Law enforcement seizes botnet infrastructure California city and LA transit agency report cybersecurity issues Microsoft Azure Monitor alerts used for callback phishing attacks Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-cybersecurity-news-international-botnet-takedown-california-city-ransomed-azure-monitor-phishing/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com
Critical Microsoft SharePoint flaw now exploited in attacks 1stProtect reveals endpoint security platform intended to prevent cyberattacks in real time CISA urges U.S. organizations to secure Microsoft Intune systems following Stryker breach Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-critical-sharepoint-flaw-real-time-cyberattack-prevention-cisas-intune-warning/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com.
DarkSword emerges from suspected Russian hackers "ShieldGuard" dismantled after malware discovery North Korea's fake IT worker army rakes in $500M/year Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com.
Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. Learn more at adaptivesecurity.com.
Stryker hospital tools safe, digital ordering services down Models apply to be the face of AI scams Cybercrime up 245% since Iran conflict Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-stryker-hospital-tools-safe-models-apply-to-power-ai-scams-cybercrime-up-245/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes — it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your own executives, and interactive training your team will actually remember. Take a three-minute tour or request a CEO deepfake demo at adaptivesecurity.com.
Download from Google Play
Download from App Store
United States
jorgensen....
🌴🌲🌳🌱🌿🌵🌴🌲🌳🌱🌴🌲🌴🌳🌲🌴🌳🌲🌴🌴🌴🌴🌴🌴🌴🌴🌴🌴🌴🌲🌲🌲🌲🌲🌲🌴🌴🌴🌴🌲🌲🌲🌲🌴🌴🌴🌴🌲🌲🌲🌲🌴🌴🌴🖐️👽🌴🌴🌴🌴🌴🖐️👽🖐️🌴🌴🌴🌴
good thing I didn't throw away all me cash ...
i never had Facebook or Instagram or whatz up...never had an Amazon account...never bought an apple I phone...and i stopped voting...waste of delusional time...and im done listening...also i ran out of... patience...