CSO Online

Publication for security executives focusing on cybersecurity management and risk.

NIS2: Supply Chains as a Risk Factor
News · Feb 9, 2026

The EU’s NIS2 directive expands cybersecurity obligations beyond a company’s own network to include every external partner in the supply chain. It mandates that firms systematically identify, assess, and continuously monitor risks from service providers, cloud vendors, and subcontractors. The...

By CSO Online
The Silent Security Gap in Enterprise AI Adoption
News · Feb 5, 2026

Enterprises are rapidly integrating generative AI into core workflows, but security models have not kept pace. Sensitive data now flows through AI inference requests—prompts containing source code, contracts, PII, and strategic logic—yet these streams sit outside traditional visibility and control...

By CSO Online
Software Supply Chain Risks Join the OWASP Top 10 List, Access Control Still on Top
News · Feb 5, 2026

The 2025 OWASP Top 10 introduces software supply chain failures and mishandling of exceptional conditions as new entries, while broken access control retains the top spot after 20 years. Security misconfiguration rises to second place, and AI‑generated code is highlighted in the...

By CSO Online
Threat Actors Hijack Web Traffic After Exploiting React2Shell Vulnerability: Report
News · Feb 4, 2026

Researchers at Datadog Security Labs report that threat actors are exploiting the React2Shell vulnerability (CVE‑2025‑55182) in React Server Components to compromise NGINX servers managed via Baota Panel, hijacking web traffic and redirecting users to malicious sites. The attacks target a...

By CSO Online
Zero Trust in Practice: A Deep Technical Dive Into Going Fully Passwordless in Hybrid Enterprise Environments
News · Feb 4, 2026

Eliminating passwords in hybrid Active Directory and Microsoft Entra ID environments requires a complete redesign of identity architecture, not a simple switch. Success hinges on three prerequisites—cloud Kerberos trust, device registration, and Conditional Access policies—forming a prerequisite triangle. Organizations must...

By CSO Online
From Credentials to Cloud Admin in 8 Minutes: AI Supercharges AWS Attack Chain
News · Feb 3, 2026

Threat actors used a publicly exposed AWS credential to launch an AI‑assisted attack that achieved full administrative control in under eight minutes. Large language models generated malicious Lambda code, enabling rapid privilege escalation, lateral movement across 19 principals, and costly...

By CSO Online
Shai-Hulud & Co.: The Software Supply Chain as Achilles’ Heel
News · Feb 3, 2026

Supply‑chain attacks have evolved from passive typosquatting to active worms, exemplified by the Shai‑Hulud malware. Shai‑Hulud steals developer credentials, republishes infected npm packages, and can trigger a dead‑man switch that erases evidence. The worm’s ability to move across languages and...

By CSO Online
This Stealthy Windows RAT Holds Live Conversations with Its Operators
News · Feb 2, 2026

Point Wild researchers uncovered a new Windows campaign deploying the Pulsar RAT, a .NET‑based remote access trojan that lives entirely in memory. The infection chain starts with a per‑user Registry Run key that launches a PowerShell loader, which decodes Donut‑generated...

By CSO Online
When Responsible Disclosure Becomes Unpaid Labor
News · Feb 2, 2026

Responsible disclosure is increasingly failing as organizations delay acknowledgment, dispute severity, and provide little compensation, turning ethical research into unpaid labor. The recent React2Shell (CVE-2025-55182) case shows coordinated response can work, yet exploitation still spread quickly. In contrast, unbacked open‑source...

By CSO Online
Startup Amutable Plotting Linux Security Overhaul to Counter Hacking Threats
News · Jan 30, 2026

Berlin‑based startup Amutable, founded by former Red Hat and Microsoft engineers including systemd creator Lennart Poettering, announced a mission to bring determinism and verifiable integrity to Linux systems. The company plans to replace heuristic security with cryptographic verification of boot processes and...

By CSO Online
The CSO Guide to Top Security Conferences
News · Jan 30, 2026

The CSO editorial team compiled a calendar of security conferences slated for February through May 2026, covering more than 30 events across Asia, Europe, North America and Australia. Highlights include multiple Gartner Security & Risk Management Summits, the BSides community...

By CSO Online
Human Risk Management: CISOs’ Solution to the Security Awareness Training Paradox
News · Jan 30, 2026

Human risk management (HRM) is emerging as a solution to the security awareness training (SAT) paradox, where 70‑90% of breaches originate from employee actions despite billions spent on training. While SAT spending is projected to grow 15% annually, its efficacy...

By CSO Online
EU’s Answer to CVE Solves Dependency Issue, Adds Fragmentation Risks
News · Jan 29, 2026

The European Union has launched the Global Cybersecurity Vulnerability Enumeration (GCVE.eu) database, aggregating advisories from over 25 public sources into a single, searchable platform hosted by Luxembourg’s CIRCL and co‑funded by the EU’s FETTA project. The initiative aims to mitigate...

By CSO Online
NIST’s AI Guidance Pushes Cybersecurity Boundaries
News · Jan 29, 2026

NIST’s Center for AI Standards and Innovation released a formal Request for Information targeting secure practices for autonomous AI agents, signaling a shift from broad, principle‑based AI risk guidance to concrete, operational controls. The agency highlighted the limits of treating...

By CSO Online
Sicarii Ransomware Locks Your Data and Throws Away the Keys
News · Jan 28, 2026

Sicarii ransomware generates a fresh RSA key pair on each victim system and discards the private key, making encrypted data unrecoverable even after ransom payment. This defect breaks the standard ransomware‑as‑a‑service model that relies on attacker‑held private keys for decryption....

By CSO Online
Always-On Privileged Access Is Pervasive — and Fraught with Risks
News · Jan 28, 2026

Enterprises are plagued by pervasive always‑on privileged access, with 91% of users remaining logged in at their highest privilege level. Legacy governance, mergers, cloud migrations and rapid fixes have left dormant privileged accounts embedded in critical workflows, creating a massive...

By CSO Online
Delegation Is a Risk Decision Every Leader Makes, Not an Ops Choice
News · Jan 28, 2026

Leaders increasingly delegate decision‑making authority to software, turning routine operational choices into enterprise‑level risk decisions. When systems automatically issue credits, payments, or pricing adjustments, the underlying authority often lacks explicit ownership, exposing organizations to financial, legal, and reputational fallout. Security...

By CSO Online
4 Issues Holding Back CISOs’ Security Agendas
News · Jan 27, 2026

CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...

By CSO Online
Microsoft Handed over BitLocker Keys to Law Enforcement, Raising Enterprise Data Control Concerns
News · Jan 26, 2026

Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...

By CSO Online
NETSCOUT Recognized for Leadership in Network Detection and Response
News · Jan 23, 2026

NETSCOUT has been named a leader in network detection and response (NDR) by Quadrant Knowledge Solutions’ 2025 SPARK Matrix. The company’s Omnis Cyber Intelligence platform leverages Adaptive Service Intelligence to inspect packets at up to 100 Gbps, delivering deep, context‑rich metadata...

By CSO Online
Smarter DDoS Security at Scale
News · Jan 23, 2026

NETSCOUT introduced Arbor Edge Defense (AED), a selective decryption solution that inspects only suspicious encrypted traffic to mitigate DDoS attacks hidden in TLS 1.3 sessions. Traditional full‑traffic decryption is resource‑intensive, creating blind spots for security teams. AED combines known‑source blocking,...

By CSO Online
Vulnerability Prioritization Beyond the CVSS Number
News · Jan 21, 2026

The article argues that relying solely on CVSS scores misguides vulnerability prioritization. Real‑world incidents like Equifax, SolarWinds, and Log4Shell show that medium‑scoring flaws can cause outsized damage when they propagate through interconnected systems. It introduces the Unified Linkage Model (ULM)...

By CSO Online
13 Cyber Questions to Better Vet IT Vendors and Reduce Third-Party Risk
News · Jan 21, 2026

Enterprises are increasingly exposed to cyber‑risk through third‑party IT providers, as recent high‑profile breaches—Marks & Spencer’s £300 million loss, a Chinese group stealing OAuth tokens from 700 firms, and a SAP NetWeaver zero‑day—demonstrate. Attackers exploit trusted vendor pathways, bypassing traditional perimeter...

By CSO Online
For Cyber Risk Assessments, Frequency Is Essential
News · Jan 21, 2026

Cyber risk assessments function like medical check‑ups, enabling organizations to detect vulnerabilities before attackers exploit them. The article highlights that regular assessments uncover data exposure—one in ten cloud data sets is openly accessible—and reveal that over 99% of compromised accounts...

By CSO Online
This Intune Update Isn’t Optional — It’s a Kill Switch for Outdated Apps
News · Jan 20, 2026

Microsoft Intune MAM will enforce a mandatory update by January 19, requiring all iOS‑wrapped, SDK‑integrated apps and the Android Company Portal to run the latest versions. Outdated apps—including Outlook and Teams—will be blocked from launching. Administrators must push the new SDK...

By CSO Online
7 Top Cybersecurity Projects for 2026
News · Jan 19, 2026

The 2026 cybersecurity roadmap highlights seven priority projects for CISOs, ranging from AI‑aware identity and access management to advanced email protection, autonomous code‑vulnerability discovery, and enterprise‑wide zero‑trust adoption. Leaders emphasize extending IAM controls to non‑human agents, leveraging small language models...

By CSO Online
Google Vertex AI Security Permissions Could Amplify Insider Threats
News · Jan 16, 2026

XM Cyber uncovered two privilege‑escalation flaws in Google Vertex AI where default configurations let a low‑privileged "Viewer" user hijack high‑privilege service‑agent identities. Google responded that the behavior is "working as intended," echoing similar stances from other cloud providers. The issue...

By CSO Online
From Typos to Takeovers: Inside the Industrialization of npm Supply Chain Attacks
News · Jan 15, 2026

The npm ecosystem has moved from simple typosquatting to coordinated credential‑driven attacks that compromise maintainers and CI/CD pipelines. Attackers now hijack trusted packages, inject malicious post‑install scripts, and use stolen tokens as a "master key" to reach millions of downstream...

By CSO Online
Iran’s Partial Internet Shutdown May Be a Windfall for Cybersecurity Intel
News · Jan 14, 2026

Iran’s near‑total internet blackout, begun Jan 8, has knocked millions of residential users offline, leaving only government‑controlled networks visible. Cybersecurity analysts say this creates a rare window to fingerprint Iranian state‑linked IPs and map their digital infrastructure. Vendors like Whisper Security...

By CSO Online
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
News · Jan 14, 2026

SpyCloud unveiled its Supply Chain Threat Protection solution, extending identity‑threat visibility to vendors and other third‑party partners. The platform draws on billions of recaptured breach, malware, phishing and dark‑web data points to deliver real‑time evidence of compromised credentials. It introduces...

By CSO Online
Cybersecurity at the State and Local Level: Washington Has the Framework, It’s Time to Act
News · Jan 14, 2026

The March 2025 White House Executive Order calls on states, localities and tribal entities to own their cybersecurity preparedness, while the State and Local Cybersecurity Grant Program (SLCGP) allocates $1 billion over four years to fund those efforts. The bipartisan PILLAR...

By CSO Online
US Cybersecurity Weakened by Congressional Delays Despite Plankey Renomination
News · Jan 14, 2026

The White House renominated seasoned cyber veteran Sean Plankey as CISA director after his initial nomination lapsed, but Senate holds tied to a Coast Guard issue and a pending telecom security report are delaying confirmation. Simultaneously, deep budget cuts have...

By CSO Online
For Application Security: SCA, SAST, DAST and MAST. What Next?
News · Jan 13, 2026

Application security is moving beyond isolated scanners toward a unified posture, provenance, and proof framework. Gartner and OWASP now emphasize Application Security Posture Management (ASPM) that aggregates SAST, DAST, SCA, MAST and IaC findings into a single, context‑aware view. Provenance...

By CSO Online
Top 10 Vendors for AI-Enabled Security — According to CISOs
News · Jan 13, 2026

The CSO 2025 Security Priorities Study reveals that senior security executives continue to favor established, name‑brand vendors for AI‑enabled security solutions despite a flood of AI‑only startups. Cisco and Microsoft lead the list, with reputation, breach history, and integration ease...

By CSO Online
Iran-Linked MuddyWater APT Deploys Rust-Based Implant in Latest Campaign
News · Jan 12, 2026

Iran‑linked APT MuddyWater has launched a new espionage campaign using a Rust‑based implant named RustyWater. The group delivered the malware through spear‑phishing emails that contain ZIP archives with decoy PDFs and executable files masquerading as PDFs. RustyWater replaces the group’s...

By CSO Online
Cybersecurity at the Edge: Securing Rugged IoT in Mission-Critical Environments
News · Jan 8, 2026

Edge computing is now integral to defense, utilities and public safety, relying on rugged IoT devices that operate in extreme, disconnected environments. These deployments break traditional cybersecurity assumptions such as continuous connectivity and frequent patching, exposing critical infrastructure to heightened...

By CSO Online
Holes in Veeam Backup Suite Allow Remote Code Execution, Creation of Malicious Backup Config Files
News · Jan 8, 2026

Veeam disclosed four vulnerabilities in its Backup & Replication suite that let users with Backup Admin, Backup Operator or Tape Operator roles execute remote code or write files as root. The most severe flaw, CVE‑2025‑59470, carries a CVSS score of...

By CSO Online
Critical RCE Flaw Allows Full Takeover of n8n AI Workflow Platform
News · Jan 7, 2026

Researchers disclosed a critical unauthenticated remote code execution flaw (CVE‑2026‑21858) in the n8n workflow automation platform. The vulnerability stems from improper Content‑Type validation in the formWebhook function, enabling arbitrary file reads, path traversal, and full system takeover. By stealing configuration...

By CSO Online
How to Eliminate IT Blind Spots in the Modern, AI-Driven Enterprise
News · Jan 7, 2026

Enterprises that rely heavily on AI and multi‑cloud environments are confronting new security blind spots that stem from dynamic agent behavior, data‑poisoning, and mis‑configurations. Experts advise CSOs to shift from reactive defenses to unified visibility that normalizes telemetry across AI...

By CSO Online
Microsoft Warns of a Surge in Phishing Attacks Exploiting Email Routing Gaps
News · Jan 7, 2026

Microsoft’s Threat Intelligence team reports a sharp rise in phishing campaigns that exploit complex email routing and misconfigured MX, DMARC, and SPF settings. Attackers use these gaps to make malicious messages appear as internal communications, often leveraging phishing‑as‑a‑service platforms such...

By CSO Online
8 Things CISOs Can’t Afford to Get Wrong in 2026
News · Jan 7, 2026

CISOs face a rapidly evolving threat landscape in 2026, from AI‑driven identity attacks and complex supply‑chain vulnerabilities to heightened geopolitical cyber aggression. Missteps in AI agent governance, cloud security, and compliance can trigger costly breaches, while human error continues to...

By CSO Online
Open WebUI Bug Turns the ‘Free Model’ Into an Enterprise Backdoor
News · Jan 6, 2026

Security researchers have uncovered a high‑severity vulnerability (CVE‑2025‑64496) in Open WebUI, a self‑hosted interface for large language models. The flaw resides in the Direct Connections feature, where unsafe handling of server‑sent events lets a malicious model server inject JavaScript that...

By CSO Online
6 Strategies for Building a High-Performance Cybersecurity Team
News · Jan 6, 2026

Veteran security leaders outline six strategies to transform cybersecurity groups from collections of high‑performing individuals into cohesive, high‑performing teams. The approach emphasizes hiring a blend of ambitious innovators and reliable "rock stars," while also seeking diverse backgrounds for broader perspective....

By CSO Online
Why Arbor Edge Defense and CDN-Based DDoS Protection Are Better Together
News · Jan 5, 2026

Arbor Edge Defense (AED) complements CDN‑based DDoS mitigation by providing inline, on‑premises protection against low‑volume, application‑layer and state‑exhaustion attacks that cloud scrubbing services often miss. AED leverages AI/ML and NETSCOUT’s ATLAS threat intelligence, which monitors roughly half of global internet...

By CSO Online
Why Cybersecurity Needs to Focus More on Investigation and Less on Just Detection and Response
News · Jan 5, 2026

Cybersecurity strategies prioritize detection and response, but over‑reliance limits long‑term protection. The article argues that investigative analysis—examining packet‑level data, attack vectors, and root causes—provides essential insights to prevent repeat incidents. Advanced threats like APTs and zero‑days often evade detection, making...

By CSO Online
5 Myths About DDoS Attacks and Protection
News · Jan 5, 2026

The article debunks five common DDoS myths, highlighting that attacks are far more frequent and diverse than many believe. NETSCOUT’s ASERT team recorded over 15 million DDoS incidents in 2024, with a 43% rise in sub‑gigabit, application‑layer assaults. It explains why...

By CSO Online
Stress Caused by Cybersecurity Threats Is Taking Its Toll
News · Jan 5, 2026

Cyber threats are increasingly complex, sparking a mental‑health crisis among IT and security teams. A recent Object First survey of 500 professionals found 84% feel uncomfortably stressed and 78% fear personal blame for breaches. Nearly 60% are actively looking for...

By CSO Online