AI use is changing how much companies pay for cyber insurance
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The…
Category: CISOOnline
North Korean fake IT worker tradecraft exposed
“North Korean threat actors are weaponizing the trust inherent in the tech recruitment process, tricking developers into executing malicious payloads under the guise of technical…
PhantomRaven returns to npm with 88 bad packages
Once executed, the malware gathers a range of sensitive information from the developer’s environment. This includes email addresses, system details, and credentials from CI/CD platforms…
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Critical flaw If Intune was the route to compromise, the first job for Stryker’s forensics team will be to work out how attackers got into…
Telus Digital hit with massive data breach
In other words, he said, the systems likely trusted the attacker, noting that, based on publicly available details, this incident aligns with a growing class…
10 Kennzahlen, die CISOs weiterbringen
Geht es um Security-Kennzahlen, sollten CISOs sich auf das Wesentliche fokussieren. Foto: Vadym Nechyporenko – shutterstock.com Die Security-Performance zu messen, gehört vielleicht nicht zu den…
The cyber perimeter was never dead. We just abandoned it.
Institutional failure: The place-to-stand problem The fallacy of the faded perimeter has taken hold in part due to a shift in security strategy due to…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
Attackers cover their tracks after credential theft After capturing them, the fake client displays an error message indicating installation has failed, the advisory said. It…
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
I used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call process. After…
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Backup systems have become increasingly valuable targets for attackers, particularly ransomware operators, because compromising them can undermine recovery capabilities and enable data destruction or exfiltration…
Cyber criminals too are working from home… your home
The FBI is so concerned about the threat of residential proxy attacks and the dangers posed by cyber criminals using the technique that it has…
Google warns of two actively exploited Chrome zero days
These new flaws underscore the reason why browser engines remain among the most attractive targets for attackers, noted Jack Bicer, director of vulnerability research at…