Tag: ciso

AI prompt injection gets real, with macros the latest hidden threat

Sep 11, 2025 10:16 AM

Tags: ai, attack, ciso, control, cybersecurity, data, defense, governance, injection, intelligence, jobs, LLM, malicious, malware, microsoft, office, RedTeam, strategy, threat, tool, unauthorized, zero-trust

Jedi mind trick turned against AI-based malware scanners: The “Skynet” malware, discovered in June 2025, featured an attempted prompt injection against AI-powered security tools. The technique was designed to manipulate AI malware analysis systems into falsely declaring no malware was detected in a sample through a form of “Jedi mind trick.”Researchers at Check Point reckon…
How attackers weaponize communications networks

Sep 11, 2025 8:16 AM

Tags: advisory, ciso, communications, network, risk

In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/11/gregory-richardson-blackberry-securing-communication-networks/
How attackers weaponize communications networks

Sep 11, 2025 8:16 AM

Tags: advisory, ciso, communications, network, risk

In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/11/gregory-richardson-blackberry-securing-communication-networks/
Menschenzentrierte Cybersicherheit gewinnt an Bedeutung

Sep 11, 2025 7:16 AM

Tags: ai, awareness, ciso, cyersecurity, deep-fake, gartner, mail, monitoring, password, phishing, risk, risk-management, social-engineering, threat, tool, training

Lesen Sie, worauf es beim Human Risk Management ankommt.Die Rolle des CISO in Unternehmen hat sich stark gewandelt, vom Cybersicherheitsexperten mit Technikfokus hin zu einem Manager von Mensch und Maschine. Gerade diese Kompetenzen sind insbesondere essentiell, um größten Cybersicherheitsrisiken zu reduzieren. Immer wieder nutzen Cyberkriminelle Social Engineering und somit menschliches Handeln, um Unternehmen effektiv zu…
When is the Right Time to Hire a CISO?

Sep 11, 2025 5:16 AM

Tags: breach, cio, ciso, cybersecurity, data, international, jobs, law, risk, skills, startup, threat

Knowing when to hire a CISO is a challenging proposition one which most organizations will eventually need to answer. The need to hire a CISO depends on a combination of factors, including but not limited to: Relevance of regulatory requirements Size of the organization Complexity of operations Sensitivity of data handled or processed Desired risk…
Neues Phishing-Framework umgeht Multi-Faktor-Authentifizierung

Sep 10, 2025 6:22 PM

Tags: authentication, ceo, ciso, cloud, corporate, cyberattack, framework, hacker, Hardware, infrastructure, mail, mfa, microsoft, passkey, password, phishing, service, strategy, zero-trust

Phishing 2.0 nutzt Subdomain-Rotation und Geoblocking.Eine kürzlich aufgedeckte Phishing-Kampagne steht in Verbindung mit Salty2FA, einem Phishing-as-a-Service-(PhaaS-)Framework. Es soll entwickelt worden sein, um Multi-Faktor-Authentifizierung (MFA) zu umgehen.Wie die Cybersicherheitsfirma Ontinue herausgefunden hat,fängt sie Verifizierungsmethoden ab,rotiert Subdomains undtarnt sich innerhalb vertrauenswürdiger Plattformen wie Cloudflare Turnstile.In unserer US-Schwesterpublikation CSO erklärten die Experten, dass die Kampagne ‘bemerkenswerte technische Innovationen”…
We’ve crossed the security singularity – Impart Security

Sep 10, 2025 6:02 PM

Tags: access, ai, api, attack, authentication, breach, ciso, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, framework, group, hacker, incident response, injection, intelligence, Internet, msp, password, penetration-testing, ransomware, risk, risk-assessment, skills, software, sql, strategy, supply-chain, threat, update, vulnerability, zero-day, zero-trust

The Bottom Line: We’ve Crossed the Security Singularity “ The Security Singularity: When AI Democratized Cyberattacks We’ve crossed a threshold that fundamentally changes cybersecurity forever. Not with fanfare or headlines, but quietly, in the background of our AI-powered world. The expertise barrier that once separated script kiddies from sophisticated threat actors has simply… vanished. I…
Ransomware upstart ‘The Gentlemen’ raises the stakes for OT”‘heavy sectors

Sep 10, 2025 5:16 PM

Tags: access, attack, breach, ceo, ciso, credentials, cybersecurity, data, defense, endpoint, group, healthcare, insurance, intelligence, least-privilege, monitoring, network, ransomware, resilience, risk, supply-chain, threat, tool, update, vulnerability, zero-trust

High-stakes industries make prime targets: The attacks have been spread across 17 countries, with Thailand and the US being the top targets, followed by Venezuela and India. The Gentlemen ransomware group already has a victim count of 27, with manufacturing and construction industries being the key targets, followed by healthcare, insurance, and others.”These sectors are…
6 hot cybersecurity trends

Sep 10, 2025 5:16 PM

Tags: access, ai, attack, automation, awareness, breach, ceo, chatgpt, cisco, ciso, cloud, compliance, credentials, crowdstrike, cyber, cybersecurity, data, data-breach, deep-fake, edr, email, endpoint, finance, firewall, google, group, hacker, ibm, identity, incident response, infrastructure, intelligence, jobs, law, LLM, malicious, mfa, monitoring, network, open-source, password, phishing, phone, radius, RedTeam, risk, risk-assessment, sans, skills, sophos, strategy, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability, zero-trust

2. Protecting AI from attacks: AI can help CISOs protect their IT infrastructure, but who’s protecting the AI?”While 2024 saw a surge in proof-of-concept (POC) projects for gen AI, many organizations are moving these projects into production without conducting comprehensive risk assessments,” IDC concludes in its 2025 Security and Trust FutureScape.”Companies may face significant vulnerabilities…
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
6 hot cybersecurity trends

Sep 10, 2025 5:16 PM

Tags: access, ai, attack, automation, awareness, breach, ceo, chatgpt, cisco, ciso, cloud, compliance, credentials, crowdstrike, cyber, cybersecurity, data, data-breach, deep-fake, edr, email, endpoint, finance, firewall, google, group, hacker, ibm, identity, incident response, infrastructure, intelligence, jobs, law, LLM, malicious, mfa, monitoring, network, open-source, password, phishing, phone, radius, RedTeam, risk, risk-assessment, sans, skills, sophos, strategy, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability, zero-trust

2. Protecting AI from attacks: AI can help CISOs protect their IT infrastructure, but who’s protecting the AI?”While 2024 saw a surge in proof-of-concept (POC) projects for gen AI, many organizations are moving these projects into production without conducting comprehensive risk assessments,” IDC concludes in its 2025 Security and Trust FutureScape.”Companies may face significant vulnerabilities…
Blue Mantis Expands Into Full-Scale MSSP With Launch Of Mantis Protect Service

Sep 10, 2025 5:16 PM

Tags: ciso, cyberattack, mssp, service, threat

Blue Mantis unveiled a major expansion of its managed security service Wednesday with the launch of a comprehensive offering, Mantis Protect, that will provide a massive boost to threat response and proactive security at a time of intensifying cyberattacks, Blue Mantis CISO Jay Martin told CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2025/blue-mantis-expands-into-full-scale-mssp-with-launch-of-mantis-protect-service
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
AI agents are here, now comes the hard part for CISOs

Sep 10, 2025 5:16 PM

Tags: ai, ciso

AI agents are being deployed inside enterprises today to handle tasks across security operations. This shift creates new opportunities for security teams but also introduces … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/google-ai-security-roi/
AI agents are here, now comes the hard part for CISOs

Sep 10, 2025 5:16 PM

Tags: ai, ciso

AI agents are being deployed inside enterprises today to handle tasks across security operations. This shift creates new opportunities for security teams but also introduces … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/google-ai-security-roi/
AI agents are here, now comes the hard part for CISOs

Sep 10, 2025 5:16 PM

Tags: ai, ciso

AI agents are being deployed inside enterprises today to handle tasks across security operations. This shift creates new opportunities for security teams but also introduces … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/google-ai-security-roi/
CISOs, stop chasing vulnerabilities and start managing human risk

Sep 10, 2025 5:16 PM

Tags: breach, ciso, intelligence, risk, vulnerability

Breaches continue to grow in scale and speed, yet the weakest point remains unchanged: people. According to Dune Security’s 2025 CISO Risk Intelligence Survey, over 90 percent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/ciso-human-centric-risk/
CISOs, stop chasing vulnerabilities and start managing human risk

Sep 10, 2025 5:16 PM

Tags: breach, ciso, intelligence, risk, vulnerability

Breaches continue to grow in scale and speed, yet the weakest point remains unchanged: people. According to Dune Security’s 2025 CISO Risk Intelligence Survey, over 90 percent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/ciso-human-centric-risk/
Zero Trust’s Next Phase: Agility, Identity, AI Risks

Sep 9, 2025 6:08 PM

Tags: access, ai, ciso, control, data, governance, identity, intelligence, network, risk, threat, zero-trust

Why CISOs Must Rethink Access, Behavioral Analytics and AI Governance at Scale Zero trust is evolving beyond static controls and network segmentation. CISOs must prepare for dynamic, behavior-driven security models that incorporate real-time intelligence, enforce identity and data safeguards, and manage AI as both a threat vector and a security tool. First seen on govinfosecurity.com…
Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk

Sep 9, 2025 5:08 PM

Tags: access, attack, business, ciso, cloud, compliance, container, cvss, cyber, data, data-breach, exploit, governance, grc, identity, infrastructure, Internet, least-privilege, metric, network, risk, threat, tool, training, vulnerability

A disjointed approach to cloud security generates more noise than clarity, making it hard for you to prioritize what to fix first. Learn how Tenable dissolves this challenge by integrating cloud security into a unified exposure management platform giving you the context to pinpoint your organization’s biggest cyber risks. Don’t just manage cloud security understand…
Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk

Sep 9, 2025 5:08 PM

Tags: access, attack, business, ciso, cloud, compliance, container, cvss, cyber, data, data-breach, exploit, governance, grc, identity, infrastructure, Internet, least-privilege, metric, network, risk, threat, tool, training, vulnerability

A disjointed approach to cloud security generates more noise than clarity, making it hard for you to prioritize what to fix first. Learn how Tenable dissolves this challenge by integrating cloud security into a unified exposure management platform giving you the context to pinpoint your organization’s biggest cyber risks. Don’t just manage cloud security understand…
When AI nukes your database: The dark side of vibe coding

Sep 9, 2025 2:08 PM

Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trust

private paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
When AI nukes your database: The dark side of vibe coding

Sep 9, 2025 2:08 PM

Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trust

private paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
When AI nukes your database: The dark side of vibe coding

Sep 9, 2025 2:08 PM

Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trust

private paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
How Leading CISOs are Getting Budget Approval

Sep 9, 2025 12:08 PM

Tags: breach, ciso, tool

It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized.If you’re a CISO or security leader, you’ve likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they’re framed in…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
5 ways CISOs are experimenting with AI

Sep 9, 2025 10:08 AM

Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-management

Translating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
5 ways CISOs are experimenting with AI

Sep 9, 2025 10:08 AM

Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-management

Translating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…