Zoom patches account takeover hole
Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to […]
How Can Deception Be Used in OT ICS Networks for Early Threat Detection
Key Takeaways Using deception technology, attackers can be detected as early as the reconnaissance and early […]
CISA urges immediate SharePoint hardening as exploits mount
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint […]
CISA urges software vendors to formalize vulnerability disclosure programs
The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging […]
When AI gets a body, it inherits an attack surface
Most security leaders I know working on AI robotics are being shown the same kind of […]
The executive profile your security team isn’t defending
A few years ago, I was retained to conduct a digital risk review for the chief […]
Flaw surge fuels need for CISOs to rethink vulnerability management
Security experts are calling on enterprises to revise their vulnerability management strategies and move towards “just […]
NPM ecosystem hit with two new supply chain compromises
Attacks targeting developer ecosystems are increasing in frequency and sophistication, with Node.js developers firmly in this […]
New Windows Bind Link techniques let attackers evade EDR, security controls
Attackers who already have administrator privileges on a Windows machine have newer ways to slip past […]
White House launches AI-driven vulnerability clearinghouse to speed cyber remediation
The White House is expanding the use of AI beyond cyber threat detection into vulnerability management, […]