Security vulnerabilities remain the most common entry point for cyber attacks. This section tracks newly discovered CVEs, zero-day vulnerabilities, and actively exploited flaws affecting enterprise infrastructure, cloud environments, and software supply chains.
81 articles
A recent surge in Instagram password reset emails coincided with a leak of 17M user records. CISOs must act fast to assess data exposure and social engineering risk.
Click-through rates misrepresent email risk. CISOs should pivot to containment metrics that better reflect modern phishing response and breach limitations.
HP's OmniBook redefines mobile computing with AI-ready chips and exceptional battery life. C-suite stakeholders must evaluate the cybersecurity trade-offs now.
A sophisticated fake WinRAR campaign hides malware behind a genuine-looking installer. CISOs must assess exposure to malicious file download vectors.
Microsoft has uncovered a phishing threat using complex routing and DNS misconfigurations to spoof trusted domains. CISOs must update defenses.
Chinese-language darknet markets on Telegram are enabling massive-scale cybercrime, with $2B/month in illicit activity. Here's what CISOs need to know.
Recommissioning or reselling enterprise Windows PCs? CISOs must enforce secure sanitization practices to prevent sensitive data leakage and maintain compliance.
A global surge in LinkedIn job scams exposes enterprise attack surfaces. CISOs must understand phishing risks tied to fraudulent job offers and insider fraud.
LG’s latest laptops introduce an in-house ultralight material called Aerominum. CISOs should evaluate the durability, data handling, and potential risks of these emerging endpoints.
Equifax’s CISO for Continental Europe highlights the organization's transformation journey since the 2017 breach. Security is now embedded in both governance and operations.
A CVSS 10.0 flaw in React and Next.js, dubbed React2Shell, allowed unauthenticated RCE and was exploited within hours. Exploitation is ongoing across sectors.
A ferry in Italy was compromised by IoT malware likely deployed by someone physically onboard. This unusual breach reveals critical security blind spots in maritime and operational technology.