CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now…
Category: CISOOnline
Resumés with malicious ISO attachments are circulating, says Aryaka
Defensive strategies “It is virtually impossible to instill sophisticated levels of knowledge for every user of technology to be able to correctly identify malicious communications,”…
Wie CISOs schlechte Angebote enttarnen
Drum prüfe… Ground Picture | shutterstock.com Security-Anbietern stehen viele Wege offen, um CISOs und Sicherheitsentscheider mit Lobpreisungen und Angeboten zu ihren jeweils aktuellen Produkten und…
“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner
Mithilfe sogenannter Zombie-ZIPs lassen sich fast alle Virenscanner austricksen. Pressmaster | shutterstock.com Eine neue Technik mit dem Namen „Zombie ZIP“ ist in der Lage, Payloads…
AI use is changing how much companies pay for cyber insurance
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The…
North Korean fake IT worker tradecraft exposed
“North Korean threat actors are weaponizing the trust inherent in the tech recruitment process, tricking developers into executing malicious payloads under the guise of technical…
PhantomRaven returns to npm with 88 bad packages
Once executed, the malware gathers a range of sensitive information from the developer’s environment. This includes email addresses, system details, and credentials from CI/CD platforms…
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Critical flaw If Intune was the route to compromise, the first job for Stryker’s forensics team will be to work out how attackers got into…
Telus Digital hit with massive data breach
In other words, he said, the systems likely trusted the attacker, noting that, based on publicly available details, this incident aligns with a growing class…
10 Kennzahlen, die CISOs weiterbringen
Geht es um Security-Kennzahlen, sollten CISOs sich auf das Wesentliche fokussieren. Foto: Vadym Nechyporenko – shutterstock.com Die Security-Performance zu messen, gehört vielleicht nicht zu den…
The cyber perimeter was never dead. We just abandoned it.
Institutional failure: The place-to-stand problem The fallacy of the faded perimeter has taken hold in part due to a shift in security strategy due to…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
Attackers cover their tracks after credential theft After capturing them, the fake client displays an error message indicating installation has failed, the advisory said. It…