Latest from todayFeatureWhat it takes to win that CSO roleSecurity leaders seeking to earn a promotion to top security exec need deep expertise in one or two cyber domains, broad fluency across the security ecosystem, and a mindset shift that marries risk reduction with business enablement.By David WeldonMar 16, 20269 minsC-SuiteCSO and CISOCareers Opinion The cyber perimeter was never dead. We just abandoned it.By Christopher BurgessMar 13, 20266 minsCyberattacksIdentity and Access ManagementNetwork SecurityFeature AI use is changing how much companies pay for cyber insuranceBy Andrada FiscuteanMar 12, 20266 minsCyberattacksCybercrimeSecurity News AnalysisClickFix techniques evolve in new infostealer campaignsBy Lucian Constantin Mar 16, 20264 minsCybercrimeSocial EngineeringWindows Security NewsStorm-2561 targets enterprise VPN users with SEO poisoning, fake clientsBy Gyana Swain Mar 13, 20264 minsCybercrimeHacker GroupsHacking NewsVeeam warns admins to patch now as critical RCE flaws hit Backup & ReplicationBy Shweta Sharma Mar 13, 20263 minsSecurityVulnerabilities News AnalysisNorth Korean fake IT worker tradecraft exposedBy John Leyden Mar 12, 20265 minsCybercrimeSecurity Feature12 ways attackers abuse cloud services to hack your enterpriseBy John Leyden Mar 11, 20268 minsCloud SecurityCyberattacksSecurity OpinionI replaced manual pen tests with automation. Here’s what I learned.By Noel Toal Mar 10, 20268 minsSecuritySecurity Practices More security newsnewsOpen VSX extensions hijacked: GlassWorm malware spreads via dependency abuseThreat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems.By Shweta Sharma Mar 16, 2026 3 minsCybercrimeMalwareSecuritynewsNine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at riskQualys researchers expose ‘CrackArmor’ flaws that allow unprivileged users to escalate privileges to root, break container isolation, and crash systems, with no CVE identifiers yet assigned.By Gyana Swain Mar 16, 2026 5 minsSecurityVulnerabilitiesnewsGoogle warns of two actively exploited Chrome zero days One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive information.By Howard Solomon Mar 13, 2026 3 minsBrowser SecurityEndpoint ProtectionZero-Day VulnerabilitiesnewsCyber criminals too are working from home… your homeThe FBI has warned of the threat posed by ‘residential proxies’: networks of devices, typically owned by consumers, that have been taken over by cybercriminals.By Maxwell Cooter Mar 13, 2026 2 minsInternet SecurityNetwork SecuritySecurityopinionHybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mindYour hybrid stack is failing at the seams because your teams are too busy proving their own systems are "green" while the actual customer experience is on fire.By Shalini Sudarsan Mar 13, 2026 8 minsCloud SecurityIncident ResponseSecurity PracticesnewsTelus Digital hit with massive data breachThe attack is described as not ‘smash-and-grab ransomware’, but ‘strategic, disciplined, and optimized for maximum leverage.’By Paul Barker Mar 12, 2026 4 minsCyberattacksCybercrimeData BreachnewsMedical giant Stryker crippled after Iranian hackers remotely wipe computers A nation-state group claims to have wiped 200,000 devices in 79 countries after a possible Microsoft Intune compromise.By John E. Dunn Mar 12, 2026 5 minsCyberattacksCybercrimeHealthcare IndustrynewsPhantomRaven returns to npm with 88 bad packages Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.By Shweta Sharma Mar 12, 2026 4 minsCybercrimeMalwareSecuritynewsResumés with malicious ISO attachments are circulating, says AryakaHR staff need to understand that these unfamiliar files execute commands and shouldn’t be opened.By Howard Solomon Mar 11, 2026 6 minsMalwarePhishingSocial EngineeringnewsCISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flawsPatched vulnerabilities in Ivanti Endpoint Manager and Cisco Catalyst SD-WAN are under attack, according to the US security agency, which added reporting requirements to its previous Cisco directive.By Lucian Constantin Mar 11, 2026 3 minsCyberattacksSecurityVulnerabilitiesnewsAWS expands Security Hub for multicloud security operationsThe update introduces a unified operations layer designed to aggregate risk signals across cloud environments and help CISOs manage threats through a single security solution.By Nidhi Singal Mar 11, 2026 6 minsCloud SecuritySecuritynewsOverly permissive ‘guest’ settings put Salesforce customers at riskSalesforce warns that a threat campaign is exploiting overly permissive Experience Cloud guest configurations to harvest data from public portals.By Shweta Sharma Mar 11, 2026 4 minsCyberattacksCybercrimeData Breach Show more Show less Video on demand video How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA What if you could stop cyberattacks before they happen? In this episode of Cyber Sessions, host Joan Goodchild sits down with Erin Whitmore, former CIA case officer and current Head of the CYNTURION Group for CYPFER, to discuss how her team uses intelligence and AI to anticipate and prevent attacks before adversaries strike. Whitmore reveals how proactive cybersecurity is blending human intuition, artificial intelligence, and offensive tactics to predict threats — while balancing the line between privacy and protection. By Joan Goodchild Feb 4, 2026 28 minsCyberattacksCybercrime Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target By Joan Goodchild Jan 13, 2026 23 mins CybercrimeSmall and Medium Business Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense By Joan Goodchild Dec 15, 2025 26 mins Application SecurityCSO and CISO CISO Reality: Record Pay, Rising Pressure, and Retention Risk By Joan Goodchild Dec 10, 2025 27 mins CSO and CISOSecurity Infrastructure See all videos Explore a topicGenerative AIApplication SecurityBusiness ContinuityBusiness OperationsCareersCloud SecurityComplianceCritical InfrastructureCybercrimeIdentity and Access ManagementIndustryIT LeadershipNetwork SecurityPhysical SecurityView all topics The new era of IT innovation Articles Buyer’s Guide Emerging technologies from AI and quantum computing to extended reality, edge computing, digital twins, and more are at the forefront of innovation, poised to reshape how companies operate, compete, and deliver value in a rapidly evolving digital landscape. CIOs and their teams find it difficult to keep pace with emerging tech and to understand the provider landscape. This focus enables sponsors to share their strategies and offerings in new areas of keen interest to buyers. View all Popular topicsGenerative AI opinionA 5-step approach to taming shadow AIBy Greg Neville Mar 11, 2026 7 minsArtificial IntelligenceGenerative AIRisk Management opinionHow to make LLMs a defensive advantage without creating a new attack surfaceBy Ankit Gupta Feb 27, 2026 9 minsGenerative AISecurity InfrastructureSecurity Operations Center newsSix flaws found hiding in OpenClaw’s plumbingBy Shweta Sharma Feb 19, 2026 3 minsArtificial IntelligenceGenerative AISecurity View topic Cybercrime opinionDid cybersecurity recently have its Gatling gun moment?By Dan Lohrmann Mar 11, 2026 9 minsCyberattacksCybercrimeData and Information Security newsJack & Jill went up the hill — and an AI tried to hack themBy Taryn Plumb Mar 10, 2026 7 minsArtificial IntelligenceCybercrimeHacking newsDevs looking for OpenClaw get served a GhostClaw RATBy Shweta Sharma Mar 10, 2026 3 minsCybercrimeMalwareSecurity View topic Careers events promotionAnnouncing the 2026 CSO Hall of Fame honoreesBy CSO events Mar 11, 2026 5 minsCareersData and Information SecurityRisk Management featureHow to know you’re a real-deal CSO — and whether that job opening truly seeks oneBy David Weldon Mar 4, 2026 10 minsCSO and CISOCareersIT Leadership newsOne of the ‘most influential cybersecurity’ roles will pay under $175,000By Maxwell Cooter Feb 27, 2026 2 minsCSO and CISOGovernmentGovernment IT View topic IT Leadership opinionInnovation without exposure: A CISO’s secure-by-design framework for business outcomesBy Luke Collinson Mar 2, 2026 12 minsIT LeadershipInnovationSecurity Practices opinionA scorecard for cyber and risk cultureBy Maman Ibrahim and Gavriel Schneider Mar 2, 2026 15 minsIT LeadershipRisk ManagementSecurity Practices opinionThe farmers and the mercenaries: Rethinking the ‘human layer’ in securityBy Alan LeFort Feb 26, 2026 6 minsIT LeadershipSecurity InfrastructureSecurity Operations Center View topic In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsCyber Sessions with Joan GoodchildCybersecurity is constantly evolving, and so are the leaders who shape it. Hosted by veteran journalist Joan Goodchild, Cyber Sessions brings candid conversations with top CISOs, strategists, and industry influencers. Each episode cuts through the noise to explore the trends, challenges, and leadership insights that define the future of security.6 episodesSecuritySecurity Practices Ep. 06 How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA By Joan Goodchild Jun 28, 202328 mins CyberattacksCybercrime Ep. 06 Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target By Joan Goodchild Jun 28, 202323 mins CybercrimeSmall and Medium Business Show me moreLatestArticlesPodcastsVideos opinion Why zero trust breaks down in IoT and OT environments By Henry SienkiewiczMar 11, 20267 mins Access ControlIdentity and Access ManagementZero Trust news Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials By Gyana SwainMar 11, 20264 mins SecurityVulnerabilities events promotion CSO Awards 2026 celebrates world-class security strategies By CSO StaffMar 11, 20263 mins CSO50Events podcast CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals By Estelle QuekFeb 24, 202623 mins CyberattacksCybercrimeRansomware podcast How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA By Joan GoodchildFeb 4, 202628 mins CyberattacksCybercrime podcast Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target By Joan GoodchildJan 13, 202623 mins CybercrimeSmall and Medium Business video CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals By Estelle QuekFeb 24, 202623 mins CSO and CISOElectronic Health RecordsRansomware video CSO Executive Sessions ASEAN: The Human Firewall-Retention, AI Readiness, and Women in Cybersecurity By Estelle QuekJan 11, 202628 mins CyberattacksCybercrimeHuman Resources video CSO Executive Sessions Australia with Daisy Wong, Head of Security Awareness at Medibank Dec 14, 202538 mins CSO and CISO