Cybersecurity Headlines

ShinyHunters hits Madison Square Garden Cal Water finds no evidence of OT activity New CISA guide helps agencies adopt SASE for Zero Trust Get the show notes here: https://cisoseries.com/cybersecurity-news-shinyhunters-hits-msg-cal-water-confirms-no-damage-cisa-sase-guide/ Huge thanks to our episode sponsor, Guardsquare Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.

Feds seize alleged cyber-scam infrastructure Dragos unveils AI for OT security Scattered Spider hackers plead guilty Get the show notes here: https://cisoseries.com/cybersecurity-news-feds-seize-scam-infrastructure-dragos-unveils-ai-for-ot-security-scattered-spider-hackers-plead-guilty/ Huge thanks to our episode sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern secuirty risks. Learn more at Guardsquare.com.

Hackers suspected in Brazil cell phone alert Prinz Eugen ransomware prioritizes recent files for encryption Congress presents bill to protect people from AI-generated deepfakes Get the show notes here: https://cisoseries.com/cybersecurity-news-brazil-phone-alert-hack-prinz-eugen-ransomware-congress-deepfake-bill/ Huge thanks to our episode sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as a result. Protect your brand and your bottom line with layered mobile app protection. Learn more at Guardsquare.com.

Police clean ups SocGholish-infected sites tied to Evil Corp Klue OAuth breach linked to Icarus Salesforce data theft attacks Warner warns of CISA cuts, staffing gaps in letter to acting chief Get the show notes here: https://cisoseries.com/cybersecurity-news-police-clean-wordpress-sites-klue-oauth-breach-warners-cisa-warnings/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.

Athena coalition looks to secure open source Estonia to quarantine Russian email domains Malicious package wave hits Arch Linux Get the show notes here: https://cisoseries.com/cybersecurity-news-athena-coalition-estonias-quarantine-arch-hit-with-malware/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.

Feds require Anthropic to ban 'foreign national' access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.

Fortinet patches a new critical FortiSandbox flaw GitHub to disable npm install scripts by default to stop supply chain attacks Nottingham University announces data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-fortinet-patches-fortisandbox-github-disables-npm-scripts-nottingham-university-breach/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

Anthropic releases Claude Fable 5 French government messaging service breached CISA rethinking risk evaluations Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-fable-5-tchap-hacked-cisa-priorities/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

Palantir executive considered for CISA leadership EU unveils tech sovereignty package to cut reliance on U.S., Chinese suppliers Hackers now exploit SolarWinds Serv-U flaw to crash servers Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-palantir-director-eu-tech-sovereignty-solarwinds-serv-u-flaw/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

Chinese cybercrime group sets record pace Cisco warns of critical Unified CM flaw with PoC exploit code Hackers spied on a stock exchange executive's Outlook mailbox for five months Get the show notes here: https://cisoseries.com/cybersecurity-news-chinese-cybercrime-group-cisco-cm-flaw-cisa-faces-changes/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.

Russia claims officials' surveillance Project Glasswing access expands CISA flags two-year-old Oracle flaw Get the show notes here: https://cisoseries.com/cybersecurity-news-russia-claims-officials-surveillance-project-glasswing-expands-cisa-flags-two-year-old-oracle-flaw/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks ChatGPT share links used to host fake outage pages to deliver malware Federal audit reveals NIST's NVD problems Get the show notes here: https://cisoseries.com/cybersecurity-news-globalprotect-vpn-exploited-chatgpt-share-links-exploits-feds-criticize-nist/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.

Fraud gang steals from World Cup fans Pentagon says US military targeted by location IBM and Red Hat commit to "Project Lightwell" Check out your show notes here: https://cisoseries.com/cybersecurity-news-world-cup-fraud-us-military-location-targets-ibm-and-red-hat-go-project-lightwell/ Huge thanks to our sponsor, Guardsquare Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.