Latest from today

feature: The state of ransomware: Fragmented but still potent despite takedowns
Fresh cybercrime threats are emerging from rebranded, leaked, or purchased code, as data exfiltration becomes the norm and enterprises ramp up countermeasures.
By John Leyden | 12 Mar 2025 | 7 mins | Ransomware, Security, Threat and Vulnerability Management

feature: Security operations centers are fundamental to cybersecurity — here’s how to build one
By Cynthia Brumfield | 11 Mar 2025 | 10 mins | CSO and CISO, Security Operations Center, Security Practices

feature: CISOs and CIOs forge vital partnerships for business success
By Beth Stackpole | 10 Mar 2025 | 10 mins | Business IT Alignment, CSO and CISO, IT Strategy

opinion: The cybersecurity product sales process is broken, but it doesn’t have to be
By Tyler Farrar | 12 Mar 2025 | 6 mins | Business IT Alignment, Business Process Management, CSO and CISO

news: March Patch Tuesday warnings: Act fast to plug zero day holes in Windows, VMware
By Howard Solomon | 11 Mar 2025 | 7 mins | Security, Vulnerabilities, Zero-Day Vulnerabilities

news analysis: Companies are drowning in high-risk software security debt — and the breach outlook is getting worse
By John Leyden | 11 Mar 2025 | 6 mins | Risk Management, Software Development, Vulnerabilities

news: Almost 1 million business and home PCs compromised after users visited illegal streaming sites: Microsoft
By Howard Solomon | 10 Mar 2025 | 7 mins | GitHub, Malware, Security

feature: Suite 404: Training executives for cyberattack response in a playful way
By Jürgen Hill | 10 Mar 2025 | 8 mins | Cyberattacks, IT Training, Incident Response

feature: 7 key trends defining the cybersecurity market today
By Neal Weinberg | 04 Mar 2025 | 9 mins | Intrusion Detection Software, Security Information and Event Management Software, Venture Capital

More security news

news: Microsoft patches privilege escalation flaw exploited since 2023
The privilege escalation flaw in the Win32k driver affects older versions of Windows and is one of six zero-day vulnerabilities fixed by Microsoft in its March patch cycle.
By Lucian Constantin | 11 Mar 2025 | 3 mins | Vulnerabilities, Windows Security, Zero-Day Vulnerabilities

news: Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns
Three of the four critical path traversal flaws fixed in January in Ivanti Endpoint Manager are being exploited in cyberattacks after proof-of-concept exploit code was released last month.
By Lucian Constantin | 11 Mar 2025 | 3 mins | Patch Management Software, Security, Vulnerabilities

news: Google paid nearly $12 million to bug hunters last year
The company says it has paid out over $65 million since its bug hunting program started.
By Viktor Eriksson | 11 Mar 2025 | 2 mins | Bugs, Security, Vulnerabilities

news: Musk links cyberattack on X to Ukraine without evidence
Hacking group Dark Storm claimed the DDoS attacks that took down X on Monday and said they were not from Ukraine.
By Shweta Sharma | 11 Mar 2025 | 3 mins | DDoS, Security

news: Linux, macOS users infected with malware posing as legitimate Go packages
Threat actors are typosquatting popular Go packages such as Hypert and Layout to drop malware on Linux and macOS systems.
By Shweta Sharma | 07 Mar 2025 | 3 mins | Malware, Security

feature: 8 obstacles women still face when seeking a leadership role in IT
For women, the IT career ladder is littered with obstacles, bias, and challenges that cannot always be overcome without the help of allies.
By Christina Wood | 07 Mar 2025 | 8 mins | Careers, IT Leadership

feature: What is risk management? Quantifying and mitigating uncertainty
The best way to deal with risk is to understand what you’re up against and embrace its upside. An enterprise risk management program can help you do just that.
By Josh Fruhlinger | 07 Mar 2025 | 10 mins | IT Governance Frameworks, IT Leadership, Risk Management

news analysis: Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
The threat group’s tactics mark a shift from direct exploits to lateral movement through privileged access obtained by compromising IT services suppliers and third-party partners.
By Lucian Constantin | 06 Mar 2025 | 6 mins | Advanced Persistent Threats, Government, Hacker Groups

news: US charges 12 Chinese hackers in major government-backed espionage campaign
Justice Department unveils indictments against Silk Typhoon group members, seizes domains in escalating cybersecurity standoff.
By Gyana Swain | 06 Mar 2025 | 5 mins | Cybercrime, Security

news: Badbox Android botnet disrupted through coordinated threat hunting
Human Security, in collaboration with Google, Shadowserver and others, has sinkholed C2 operations affecting 500,000 infected machines.
By Shweta Sharma | 06 Mar 2025 | 4 mins | Android Security, Security

news analysis: 60% of cybersecurity pros looking to change employers
High salaries are not enough to discourage cybersecurity workers — including functional leaders — from keeping an eye out for better jobs in a competitive talent market.
By John Leyden | 06 Mar 2025 | 5 mins | Careers, IT Leadership

opinion: The risks of standing down: Why halting US cyber ops against Russia erodes deterrence
The threat from Russian bad actors is real; if the US government is halting offensive operations, it may fall to the private sector to take up the cause of disruption, argues Christopher Whyte.
By Christopher Whyte | 06 Mar 2025 | 8 mins | Advanced Persistent Threats, CSO and CISO, Threat and Vulnerability Management

Spotlight: Managing Modern Risks

Staying secure is of course critical, but there are many risks beyond security that enterprise IT must consider. We explore emerging risks that warrant your attention.

Popular topics

Generative AI

news: Microsoft files lawsuit against LLMjacking gang that bypassed AI safeguards
By Lucian Constantin | 28 Feb 2025 | 4 mins | Cybercrime, Generative AI, Threat and Vulnerability Management

feature: 5 things to know about ransomware threats in 2025
By Rosalyn Page | 27 Feb 2025 | 9 mins | Data and Information Security, Generative AI, Ransomware

news: AI can kill banks: Cybersecurity’s disinformation gap
By Florian Maier | 24 Feb 2025 | 2 mins | Financial Services Industry, Generative AI, Security

Cybercrime

news: Fake captcha attacks are increasing, say experts
By Howard Solomon | 20 Feb 2025 | 6 mins | Cyberattacks, Cybercrime, Malware

news: Authorities seize Phobos and 8Base ransomware servers, arrest 4 suspects
By Lucian Constantin | 11 Feb 2025 | 3 mins | Cybercrime, Ransomware

news: Police arrest teenager suspected of hacking NATO and numerous Spanish institutions
By Computerworld España | 06 Feb 2025 | 2 mins | Cybercrime, Security

Careers

feature: The CSO guide to top security conferences
By CSO Staff | 28 Feb 2025 | 10 mins | Application Security, Events, Technology Industry

feature: Beyond the paycheck: What cybersecurity professionals really want
By Aimee Chanthadavong | 12 Feb 2025 | 9 mins | CSO and CISO, Careers, IT Training

events promotion (sponsored by CSO Events): CSO Award and Hall of Fame Nominations Open Now
By CSO Events | 11 Feb 2025 | 3 mins | Careers, IT Leadership, Security

IT Leadership

opinion: What CISOs need from the board: Mutual respect on expectations
By David Gee | 26 Feb 2025 | 6 mins | Business IT Alignment, CSO and CISO, Compliance

feature: How to create an effective incident response plan
By Bob Violino | 25 Feb 2025 | 11 mins | IT Leadership, Incident Response, Security

feature: Strategic? Functional? Tactical? Which type of CISO are you?
By Mary K. Pratt | 24 Feb 2025 | 9 mins | CSO and CISO, Human Resources, Security Practices

Upcoming Events

in-person event: FutureIT Los Angeles
15 May 2025 | The Biltmore | Data and Information Security, Events

in-person event: FutureIT Dallas
25 Jun 2025 | Union Station | Application Security, Artificial Intelligence, Events

in-person event: FutureIT New York
17 Jul 2025 | Convene-New York, NY | Data and Information Security, Events

In depth

feature: Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean | 27 Mar 2024 | 10 mins | Data and Information Security

Podcasts

podcasts (sponsored by Microsoft Security): Strengthen and Streamline Your Security
This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Data and Information Security

Ep. 03: Episode 3: The Zero Trust Model
25 Mar 2021 | 15 mins | CSO and CISO, Multifactor Authentication, Remote Work

Ep. 04: Episode 4: Reduce SOC burnout
29 Mar 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Show me more

news: Ransomware goes postal: US healthcare firms receive fake extortion letters
By John E. Dunn | 05 Mar 2025 | 6 mins | Ransomware, Security

news: Critical vulnerabilities expose network security risks in Keysight's infrastructure
By Gyana Swain | 05 Mar 2025 | 4 mins | Security, Vulnerabilities

feature: The dirty dozen: 12 worst ransomware groups active today
By John Leyden | 05 Mar 2025 | 11 mins | Ransomware

podcast: CSO Executive Sessions: How cybersecurity impacts company ratings – A key factor for investors and consumers
12 Feb 2025 | 27 mins | Security

podcast: CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe
07 Aug 2024 | 17 mins | CSO and CISO

podcast: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
17 Jul 2024 | 17 mins | CSO and CISO

video: CSO Executive Sessions: How cybersecurity impacts company ratings – A key factor for investors and consumers
12 Feb 2025 | 27 mins | Security

video: CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe?
26 Jan 2025 | 18 mins | Security

video: CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2)
14 Nov 2024 | 15 mins | Critical Infrastructure, IT Governance, Supply Chain