What roadblocks await CISOs in 2025
Burnout seems certain as CISOs confront budget constraints, a heavy workload and job dissatisfaction.
Security leaders are making inroads with corporate boards and now have a seat at the table with CEOs, a Splunk report shows.
Researchers say the manufacturer has yet to publicly disclose or patch the flaw.
Unpredictable cloud bills, outdated software licenses and shadow IT frustrate FinOps efforts, according to Apptio.
The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices.
When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it's not the vendors that get hit – it's their customers.
The consumer goods company built an in-house solution to keep orders moving as its transportation management system provider navigated a ransomware attack.
The new estimate nearly doubles the company's previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.
Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.
State-linked hackers were linked to a series of attacks that led to the theft of unclassified data from the Treasury Department.
Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.
The vendor's customers have confronted multiple attack sprees targeting zero-days spanning a variety of products.
The incident led to delays in processing child support payments in Wisconsin.
The directive, issued in October 2023, added guardrails for AI developers and bolstered guidance for businesses looking to adopt the technology.
Cloud services with weak credentials were a prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.
The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group.
The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.
The vendor said it has no immediate evidence of operational impacts or compromised customer data.
The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.
The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.
The agency's declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.
Outgoing CISA Director Jen Easterly didn't say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.
Released in the administration's final days, the highly-anticipated order follows a series of sophisticated attacks against federal agencies and critical infrastructure providers.
A report from Allianz shows the global disruption caused by CrowdStrike's IT mishap added to longtime concerns about data breaches and ransomware.
Ransomware remains the top cyber risk concern among executives, but CISOs are almost twice as likely as CEOs to make that determination.