Tag: defense
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats
The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these chat communications, exposing: Targeted Exploits:..…
-
Polygraph Controversy at CISA Sparks Internal Investigation, Six Staff Placed on Leave
A failed polygraph test taken by the acting head of the Cybersecurity and Infrastructure Security Agency (CISA) has triggered an internal investigation at the Department of Homeland Security, placing at least six long-serving career officials on administrative leave and deepening turmoil inside the federal government’s lead civilian cyber defense agency. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-acting-director-polygraph-test/
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
DevOps and Cybersecurity: Building a New Line of Defense Against Digital Threats
Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services. First seen on hackread.com Jump to article: hackread.com/devops-cybersecurity-digital-threats-defense/
-
Cybersecurity Budgets are Going Up, Pointing to a Boom
KPMG finds cybersecurity budgets rising sharply as leaders invest in AI-driven defense, resilience, and smarter security operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cybersecurity-budgets-are-going-up-pointing-to-a-boom/
-
Senate Intel Chair Warns of Open-Source Security Risks
Top Lawmaker Urges White House to Review Foreign Influence in Open-Source Code. A top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk. First…
-
Preventing This Week’s AWS Cryptomining Attacks: Why Detection Fails and Permissions Matter
The recent discovery of a cryptomining campaign targeting Amazon compute resources highlights a critical gap in traditional cloud defense. Attackers are bypassing perimeter defenses by leveraging compromised credentials to execute legitimate but privileged API calls like ec2:CreateLaunchTemplate, ecs:RegisterTaskDefinition, ec2:ModifyInstanceAttribute, and lambda:CreateFunctionUrlConfig. While detection tools identify anomalies after they occur, they do not prevent execution, lateral……
-
Kirsten Davies Confirmed as Pentagon CIO
Former Unilever CISO to Lead Department of Defense IT. A former Unilever executive is officially the next U.S. Department of Defense CIO. The Pentagon CIO is the principal technology advisor to Pentagon leadership and manages the department’s information management and IT, and many other critical systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/kirsten-davies-confirmed-as-pentagon-cio-a-30353
-
HubSpot Phishing Campaign Bypasses Trusted Email Defenses
A phishing campaign targeting HubSpot users bypassed email defenses by abusing trusted platforms and authenticated infrastructure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hubspot-phishing-campaign-bypasses-trusted-email-defenses/
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security
President Donald Trump signed a $901 billion Pentagon policy bill that features a slew of cyber provisions, including a requirement that senior Defense Department officials use phones with “enhanced cybersecurity protections.” First seen on therecord.media Jump to article: therecord.media/trump-signs-ndaa-cyber-command
-
Beyond Rules and Alerts: How Behavioral Threat Analytics Redefines Modern Cyber Defense
Executive Summary Modern cyber adversaries no longer depend on loud malware, obvious exploits, or easily identifiable indicators of compromise. Instead, they leverage legitimate credentials, trusted tools, and native system functions to operate silently within enterprise environments. These attacks are deliberately designed to resemble normal business activity, rendering traditional detection methods ineffective. Behavioral Threat Analytics (BTA)…
-
Adaptive Security Gets $81M Series B for AI Deepfake Defense
Bain Capital Ventures Funding Backs Risk Tools for AI-Driven Voice, Video Threats. With AI-powered voice and video deepfakes on the rise, Adaptive Security has raised $81 million in a Bain Capital Ventures-led Series B round to accelerate its efforts in personalized training, risk assessment and real-time attack simulations across SMS, voice and video channels. First…
-
NDSS 2025 PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR
Session 6C: Sensor Attacks Authors, Creators & Presenters: Zizhi Jin (Zhejiang University), Qinhong Jiang (Zhejiang University), Xuancun Lu (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR LiDAR is a pivotal sensor for autonomous driving, offering precise 3D spatial information. Previous signal…
-
NDSS 2025 PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR
Session 6C: Sensor Attacks Authors, Creators & Presenters: Zizhi Jin (Zhejiang University), Qinhong Jiang (Zhejiang University), Xuancun Lu (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR LiDAR is a pivotal sensor for autonomous driving, offering precise 3D spatial information. Previous signal…
-
NDSS 2025 PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR
Session 6C: Sensor Attacks Authors, Creators & Presenters: Zizhi Jin (Zhejiang University), Qinhong Jiang (Zhejiang University), Xuancun Lu (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR LiDAR is a pivotal sensor for autonomous driving, offering precise 3D spatial information. Previous signal…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
Senate Intel chair urges national cyber director to safeguard against open-source software threats
Tom Cotton, R-Okla., cited Chinese and Russian involvement in open-source tech and the risks to government and defense systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/tom-cotton-open-source-software-foreign-influence-national-cyber-director/
-
Senate Intel chair urges national cyber director to safeguard against open-source software threats
Tom Cotton, R-Okla., cited Chinese and Russian involvement in open-source tech and the risks to government and defense systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/tom-cotton-open-source-software-foreign-influence-national-cyber-director/
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…

