CISA urges immediate SharePoint hardening as exploits mount
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint […]
CISA urges software vendors to formalize vulnerability disclosure programs
The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging […]
When AI gets a body, it inherits an attack surface
Most security leaders I know working on AI robotics are being shown the same kind of […]
The executive profile your security team isn’t defending
A few years ago, I was retained to conduct a digital risk review for the chief […]
Flaw surge fuels need for CISOs to rethink vulnerability management
Security experts are calling on enterprises to revise their vulnerability management strategies and move towards “just […]
NPM ecosystem hit with two new supply chain compromises
Attacks targeting developer ecosystems are increasing in frequency and sophistication, with Node.js developers firmly in this […]
New Windows Bind Link techniques let attackers evade EDR, security controls
Attackers who already have administrator privileges on a Windows machine have newer ways to slip past […]
White House launches AI-driven vulnerability clearinghouse to speed cyber remediation
The White House is expanding the use of AI beyond cyber threat detection into vulnerability management, […]
New bugs in Claude for Chrome allow extensions to abuse AI privileges
Two vulnerabilities found in Anthropic’s Claude for Chrome extension remain exploitable months after they were reported […]
When 80,000 fans log on at once: The 2026 World Cup’s unique cybersecurity issues
With the World Cup in full swing, stadiums across North America are currently accommodating thousands of […]