Cybersecurity Headlines

Microsoft wants to update all the things LexisNexis breach impacts 364,000 people Cyber insurance premium volume expected to double Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

MathWorks, Creator of MATLAB, Confirms Ransomware Attack Adidas warns of data breach after customer service provider hack Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest George Finney, CISO, The University of Texas System – check out George's new book plus all his other achievements at his website, WellAwareSecurity. Thanks to our show sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com All links and the video of this episode can be found on CISO Series.com

Signal adds Recall blocker Critical Windows Server 2025 dMSA vulnerability warning Pathology lab suffers data breach Huge thanks to our sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com Find the stories behind the headlines at CISOseries.com.

Ransomware attack knocks out Kettering Health Lumma malware operation disrupted Federal agencies impacted by "major lapse" at Opexus Huge thanks to our sponsor, Conveyor Half-baked AI answers to security questionnaires are worse than no answer at all. Conveyor's AI gets it right the first time—with market-leading accuracy rates and full citations for every response. Because "good enough" doesn't cut it when you're filling in questionnaires daily. Accuracy isn't just a feature—it's the foundation. Because we know that when AI gets it wrong, you're stuck with more work. If AI isn't living up to its promise with other tools, check out Conveyor at www.conveyor.com

US DOJ opens investigation into Coinbase's recent cyberattack Dutch government passes law to criminalize cyber-espionage Ransomware attack on food distributor spells more pain for UK supermarkets Huge thanks to our sponsor, Conveyor What if your sales team could answer security questions themselves—without blowing up your Slack or email every 10 minutes? With Conveyor, they can. Conveyor is the trust center and security questionnaire automation tool your infosec friends love to use. Whether through Slack or the Conveyor app, sales and presales teams can easily get AI-generated answers to any customer security question, with your pre-set rules and reviews in place. Free up your team and keep deals moving at www.conveyor.com

UK's Legal Aid Agency breached NHS patients put at risk from cyberattacks 23andMe has a buyer Huge thanks to our sponsor, Conveyor Ever spent an hour in a clunky portal questionnaire with UI from 1999 just to lose your work because it timed out? Conveyor's got you. Our browser extension completes questionnaires in the most tedious portals for you by auto-importing all the questions and generating AI answers. For popular portals, it can go full autopilot and fill in reviewed answers into the portal on one click. You shouldn't have to fight a portal just to prove your security posture. Learn more at www.conveyor.com.

Scattered Spider facilitates UK retail hacks and is moving to the U.S. Defendnot tool can disable Microsoft Defender FBI warns government officials about new waves of deepfakes Huge thanks to our sponsor, Conveyor Are you dealing with security questionnaire chaos this week? If so, get Conveyor's AI to knock them out for you. Connect Conveyor to any source, easily upload any format of questionnaire or use the browser extension for portals and their AI handles the rest—from parsing the questions to generating answers and auto-tagging collaborators. Let Conveyor do the work for you. Learn more at www.conveyor.com. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show. Here's where you can find him: Daily Podcast on SoundCloud | YouTube | Forbes | Twitter/X | Facebook | BlueSky | Mastodon Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com

Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom Windows 11 and Red Hat Linux hacked on first day of Pwn2Own The Internet's biggest-ever black market just shut down amid a Telegram purge Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Steel producer disrupted by cyberattack European Vulnerability Database (EUVD) is online CISA pauses advisory overhaul Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Radware says recently WAF bypasses were patched in 2023 Marks & Spencer confirms data stolen in ransomware attack Alabama suffers cybersecurity event Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com

Global Crossing Airlines Group confirms cyberattack Google settles privacy lawsuits UK launches software security guidelines Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Hackers hijack Japanese financial accounts to conduct billions in trades Education giant Pearson hit by cyberattack exposing customer data Microsoft Teams will soon block screen capture during meetings Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com

Cisco patches a level 10 vulnerability in IOS XE President nominates former Unilever CISO to be Pentagon CIO SonicWall patches a new zero-day vulnerability Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Europol shuts down six DDoS-for-hire services used in global attacks CrowdStrike says it will lay off 500 workers Passkeys set to protect GOV.UK accounts against cyber-attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Congress challenges Noem over proposed CISA cuts Texas school district breach impacts over 47,000 people NSO Group to pay WhatsApp $167 million in damages Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Signal clone gets hacked Sounding the alarm on easyjson Ransomware group takes credit for UK retail attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, Head of Security, Boats Group Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com

UK retailer Co-Op suffers cyberattack FBI shares list of 42,000 LabHost phishing domains NSO group looking at hefty damages in WhatsApp case Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Alleged 'Scattered Spider' member extradited to U.S. Experts see little progress after major Chinese telecom hack Polish police take down impersonation scammers Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. For the stories behind the headlines, visit CISOseries.com.

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi Google tracked 75 zero days exploited in the wild in 2024 France ties Russian APT28 hackers to 12 cyberattacks on French orgs Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Uyghur Language Software Hijacked to Deliver Malware Cloudflare sees a big jump in DDoS attacks 4chan back online Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

SAP zero-day vulnerability under widespread active exploitation Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Cybersecurity firm CEO charged with installing malware on hospital systems Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group Thanks to our show sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. All links and the video of this episode can be found on CISO Series.com

Russian army targeted by Android malware hidden in mapping app Attackers hit security device defects hard in 2024 Critical Commvault Command Center flaw warning Huge thanks to our sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. Find the stories behind the headlines at CISOseries.com.

Blue Shield of California shared private health data of millions with Google The FBI issues its 2024 IC3 report Ex-Army sergeant jailed for selling military secrets Huge thanks to our sponsor, Dropzone AI Security analysts need practical experience to build investigation skills, but getting expert guidance for every alert is impossible. That's why Dropzone AI created COACH—a free Chrome extension that serves as an AI security mentor for SOC analysts at any level. COACH reads alerts across all major security platforms, explains their context, provides alternative hypotheses, and guides analysts through industry-standard investigation methodologies. Unlike our AI SOC Analyst product, COACH doesn't do the work for you—it teaches you how to think through investigations yourself. It supplements human mentoring with always-available guidance that respects your data with zero retention. Develop your security team's skills at Dropzone.ai/coach. For the stories behind the headlines, head to CISOseries.com.

Microsoft Recall on Copilot+ PC: testing the security and privacy implications Russian organizations targeted by backdoor masquerading as secure networking software updates SSL.com Scrambles to Patch Certificate Issuance Vulnerability Huge thanks to our sponsor, Dropzone AI Is your security team spending too much time chasing alerts instead of stopping threats? Dropzone AI modernizes your security operations by handling the routine investigations that consume your team's day. Our AI SOC Analyst works with your existing security tools, learns your environment, and delivers clear, actionable reports within minutes. Your human analysts can finally focus on the most critical threats. Organizations using our AI SOC Analyst handle significantly more alerts without growing their team. See how at RSA at booth ESE-60.

Google OAuth abused in DKIM replay attack Japan warns of sharp rise in unauthorized trading North Koreans hijacking Zoom's Remote Control Huge thanks to our sponsor, Dropzone AI Security threats don't clock out at 5 PM, but your analysts need to sleep sometime. Dropzone AI delivers around-the-clock alert investigations with the same attention to detail at midnight as at noon. Our AI SOC Analyst ensures no more morning backlogs and no more off-hours blind spots. Just reliable, continuous protection that ensures every alert gets the attention it deserves, regardless of when it arrives. See how SOC teams are achieving true 24/7 coverage with our AI SOC Analyst without the staffing challenges at Dropzone.ai.

Widespread Microsoft Entra lockouts cause by new security feature rollout Malware delivered through diplomatic wine-tasting invites British companies told to hold in-person interviews to thwart North Korea job scammers Huge thanks to our sponsor, Dropzone AI Growing your MSSP client roster while your alerts are multiplying? Dropzone AI works alongside your team, investigating alerts just like your best human analysts would. Our AI SOC Analyst cuts investigation time from an hour to minutes while handling five times more alerts per analyst. Unlike complex SOAR solutions, Dropzone deploys quickly and adapts to your environment without the need for playbooks or coding. Eliminate backlogs, reduce false positives, and deliver the detailed investigations your clients expect. Ready to scale your MSSP without scaling your team? Meet us at booth ESE-60 at RSA. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com

Bipartisan push for renewal of cyberthreat information sharing law ClickFix becoming a favorite amongst state-sponsored hackers GoDaddy puts Zoom on mute for about 90 minutes Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com

MITRE gets last-minute bailout from CISA Krebs exits SentinelOne after security clearance pulled Apple fixes two zero-days exploited in targeted iPhone attacks Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. For the stories behind the headlines, visit CISOseries.com. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

CISA issued a statement that it execution an option on its contract with MITRE to continue funding the CVE program.

Government CVE funding set to end Tuesday 4chan, the internet's most infamous forum, is down following an alleged hack China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

AI code dependencies are a supply chain risk Morocco investigates social security leak European Commission increases security measures for US-bound staff Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Major workforce cuts planned for CISA Microsoft warns Windows users not to delete 'inetpub' folder Data breach at testing lab affects 1.6 million people Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney, SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial All links and the video of this episode can be found on CISO Series.com

President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.

U.S. Comptroller suffers 'major incident' Oracle confirms "obsolete servers" hacked Police seize Smokeloader malware servers and detain customers Thanks to our episode sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today For the stories behind the headlines, visit CISOseries.com.

WhatsApp vulnerability could facilitate remote code execution Spyware targeting Chinese diaspora Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day Thanks to our episode sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, Google Workspace, and other critical apps. With Nudge, you'll be alerted of risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and on-going identity governance. Start a free 14-day trial today

Apple appeals UK encryption back door order Researchers warn about AI-driven hacking tool PoisonSeed campaign weaponizes CRM system Thanks to our episode sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you've never heard of. For each tool, you'll see who introduced it, who else is using it, where it's integrated into other tools, and a vendor security profile. Get your free GenAI inventory today.

Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm Thanks to our show sponsor, Qualys Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information. All links and the video of this episode can be found on CISO Series.com

Google patches Quick Share vulnerability ChatGPT suffered brief outage Wednesday UK's Royal Mail investigates data leak claims Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information." Find the stories behind the headlines at CISOseries.com.

North Korean IT worker army expands operations in Europe Stripe API skimming campaign unveils new techniques for theft Verizon call filter API flaw exposed customers' incoming call history Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information."