CISOs at government organizations and universities have an unexpected ally coming to their aid: OnlyFans models. For some time, hackers have exploited…
News
Google must open Android to rival AI agents, EU orders
The European Union is stepping up its actions against US tech giants under the Digital Markets Act, which is intended to ensure…
The SaaS blind spot: Why security teams can’t get inside their own apps
Most organizations I work with have invested heavily in cloud security. They have endpoint detection tools, SIEM platforms, cloud security posture management,…
Fake TTF files deliver stealthy malware in global phishing campaign
Threat actors are now abusing an ordinary font file to deliver low-detection malware capable of stealing credentials and establishing persistence on compromised…
Senior executives are killing your shadow AI strategy
Shadow IT has long been a major problem for CISOs, but the biggest problem may be coming from the executive suite’s hunger…
Zoom patches account takeover hole
Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network…
CISA urges immediate SharePoint hardening as exploits mount
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities…
CISA urges software vendors to formalize vulnerability disclosure programs
The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging software manufacturers and online service providers…
When AI gets a body, it inherits an attack surface
Most security leaders I know working on AI robotics are being shown the same kind of video. A humanoid folds a shirt,…
The executive profile your security team isn’t defending
A few years ago, I was retained to conduct a digital risk review for the chief executive of a mid-sized financial services…