Uyghur Language Software Hijacked to Deliver Malware Cloudflare sees a big jump in DDoS attacks 4chan back online Thanks to today's episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threat...
Apr 29, 2025•8 min
SAP zero-day vulnerability under widespread active exploitation Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Cybersecurity firm CEO charged with installing malware on hospital systems Thanks to today's episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mit...
Apr 28, 2025•7 min
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude , CISO emeritus, The Carlyle Group Thanks to our show sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI 's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across you...
Apr 25, 2025•30 min
Russian army targeted by Android malware hidden in mapping app Attackers hit security device defects hard in 2024 Critical Commvault Command Center flaw warning Huge thanks to our sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI 's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your secu...
Apr 25, 2025•8 min
Blue Shield of California shared private health data of millions with Google The FBI issues its 2024 IC3 report Ex-Army sergeant jailed for selling military secrets Huge thanks to our sponsor, Dropzone AI Security analysts need practical experience to build investigation skills, but getting expert guidance for every alert is impossible. That's why Dropzone AI created COACH—a free Chrome extension that serves as an AI security mentor for SOC analysts at any level. COACH reads alerts across all ma...
Apr 24, 2025•10 min
Microsoft Recall on Copilot+ PC: testing the security and privacy implications Russian organizations targeted by backdoor masquerading as secure networking software updates SSL.com Scrambles to Patch Certificate Issuance Vulnerability Huge thanks to our sponsor, Dropzone AI Is your security team spending too much time chasing alerts instead of stopping threats? Dropzone AI modernizes your security operations by handling the routine investigations that consume your team's day. Our AI SOC Analyst ...
Apr 23, 2025•7 min
Google OAuth abused in DKIM replay attack Japan warns of sharp rise in unauthorized trading North Koreans hijacking Zoom's Remote Control Huge thanks to our sponsor, Dropzone AI Security threats don't clock out at 5 PM, but your analysts need to sleep sometime. Dropzone AI delivers around-the-clock alert investigations with the same attention to detail at midnight as at noon. Our AI SOC Analyst ensures no more morning backlogs and no more off-hours blind spots. Just reliable, continuous protecti...
Apr 22, 2025•8 min
Widespread Microsoft Entra lockouts cause by new security feature rollout Malware delivered through diplomatic wine-tasting invites British companies told to hold in-person interviews to thwart North Korea job scammers Huge thanks to our sponsor, Dropzone AI Growing your MSSP client roster while your alerts are multiplying? Dropzone AI works alongside your team, investigating alerts just like your best human analysts would. Our AI SOC Analyst cuts investigation time from an hour to minutes while...
Apr 21, 2025•8 min
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford , CISO, iHeartMedia Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation t...
Apr 18, 2025•26 min
Bipartisan push for renewal of cyberthreat information sharing law ClickFix becoming a favorite amongst state-sponsored hackers GoDaddy puts Zoom on mute for about 90 minutes Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their c...
Apr 18, 2025•9 min
MITRE gets last-minute bailout from CISA Krebs exits SentinelOne after security clearance pulled Apple fixes two zero-days exploited in targeted iPhone attacks Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Va...
Apr 17, 2025•8 min
CISA issued a statement that it execution an option on its contract with MITRE to continue funding the CVE program.
Apr 16, 2025•36 sec
Government CVE funding set to end Tuesday 4chan, the internet's most infamous forum, is down following an alleged hack China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous...
Apr 16, 2025•8 min
AI code dependencies are a supply chain risk Morocco investigates social security leak European Commission increases security measures for US-bound staff Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . ...
Apr 15, 2025•8 min
Major workforce cuts planned for CISA Microsoft warns Windows users not to delete 'inetpub' folder Data breach at testing lab affects 1.6 million people Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . V...
Apr 14, 2025•7 min
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney , SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security , you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial All links and the video of this ep...
Apr 11, 2025•23 min
President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day t...
Apr 11, 2025•8 min
U.S. Comptroller suffers 'major incident' Oracle confirms "obsolete servers" hacked Police seize Smokeloader malware servers and detain customers Thanks to our episode sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today For the stories behind the headlines, visit CISOseries.co...
Apr 10, 2025•8 min
WhatsApp vulnerability could facilitate remote code execution Spyware targeting Chinese diaspora Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day Thanks to our episode sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, Google Workspace, and other critical apps. With Nudge, you'll be alerted of risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and...
Apr 09, 2025•7 min
Apple appeals UK encryption back door order Researchers warn about AI-driven hacking tool PoisonSeed campaign weaponizes CRM system Thanks to our episode sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you've never heard of. For each tool, you'll see who introduced it, who else is using it, where it's integrated into other tools, and a vendor security profile. Get your free GenAI inventory today....
Apr 08, 2025•7 min
Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee ...
Apr 07, 2025•7 min
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton , COO and industry analyst, GigaOm Thanks to our show sponsor, Qualys Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate ...
Apr 04, 2025•31 min
Google patches Quick Share vulnerability ChatGPT suffered brief outage Wednesday UK's Royal Mail investigates data leak claims Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectiv...
Apr 04, 2025•9 min
North Korean IT worker army expands operations in Europe Stripe API skimming campaign unveils new techniques for theft Verizon call filter API flaw exposed customers' incoming call history Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streaml...
Apr 03, 2025•7 min
Mozilla Thunderbird finally takes on Gmail with new email service Surge in scans on PAN GlobalProtect VPNs hints at attacks Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, stream...
Apr 02, 2025•7 min
FTC sends warning to future 23andMe buyer Global phishing threat targets 88 countries Samsung data breach tied to old stolen credentials Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— whil...
Apr 01, 2025•9 min
FBI warns of increase in free online document converter scams Resurge malware exploits Ivanti flaw BlackLock hackers exposed through leak site vulnerability Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate ...
Mar 31, 2025•8 min
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop , CISO, The Weather Company Jonathan will be speaking at The CrowdStrike Crowd Tour, on Tuesday, April 15, 2025 in Atlanta – details here . He will also be speaking at the C Vision International Think Tank on April 24, 2025, also in Atlanta – details here . Thanks to our show sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, o...
Mar 28, 2025•24 min
150,000 sites compromised by JavaScript injection Vulnerabilities in numerous solar power systems found T-Mobile pays $33 million in SIM swap lawsuit Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more an...
Mar 28, 2025•8 min
New ransomware group claims attack on US Telecom firm WideOpenWest NSA warned of vulnerabilities in Signal app a month before Houthi strike chat New ReaderUpdate malware variants target macOS users Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate p...
Mar 27, 2025•7 min
