Background image presenting cyber security and attack concept

(Adobe Stock)

Hackers exploiting vulnerabilities at higher rates, reports Verizon

Shaun NicholsApril 23, 2025

Stolen credentials still make up most common threat vector in annual cybersecurity report.

RESOURCES

Critical Infrastructure Security
We’re the federal government, and we’re (maybe) no longer here to help
DevSecOps
Security without speed bumps: Using WAF simulator to transform DevSecOps workflows
Critical Infrastructure Security
Selling to Uncle Sam? Time to diversify
Critical Infrastructure Security
From classrooms to command posts: The cyber education crisis
Critical Infrastructure Security
Critical infrastructure, critically compromised: It’s now a matter of resilience and survival

PODCASTS

Leadership
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring – Martin Tschammer – BSW #392
Security Strategy, Plan, Budget
Brains, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet – SWN #470
Application security
Managing Secrets – Vlad Matsiiako – ASW #327
Governance, Risk and Compliance
The past, present, and future of enterprise AI – Pravi Devineni – ESW #403
Vulnerability Management
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler – ESW #403

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

A sign on top of a building reads "Siemens" in blue letters.

Critical Infrastructure Security

Critical bugs in Siemens, Schneider Electric gear top CISA advisory

Steve ZurierApril 23, 2025

CISA cites 16 CVEs impacting industrial systems in ICS advisory, four critical.

Trading security and spying concept with noface hacker using laptop an digital display with financial graphs and forex chart. Double exposure

Financial malware on the rise as espionage attacks decline

Shaun NicholsApril 23, 2025

Threat actors are getting more work from the private sector than from government sponsored agencies.

(Credit: Andreas Prott – stock.adobe.com)

Google fixes Cloud Composer privilege escalation vulnerability

Laura FrenchApril 22, 2025

Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

Security Strategy, Plan, Budget

Two senior officials resign from federal cybersecurity office, CISA

Steve ZurierApril 22, 2025

Continued brain drain includes two of the experts who managed CISA’s Secure by Design program.

Microsoft reports improvement in Secure By Design for products, services

Shaun NicholsApril 21, 2025

Microsoft said it's making strides in guarding its own systems against external threat actors.

Fog ransomware notes troll with DOGE references, bait insider attacks

Laura FrenchApril 21, 2025

Recent Fog samples are spread through phishing emails referencing pay adjustments.

A computer popup box screen warning of a system being hacked, compromised software environment. 3D illustration.

Bulletproof hosting provider Proton66 steps-up malware campaigns

Steve ZurierApril 21, 2025

Researchers advise security teams to block sources of bulletproof hosting.

security technologist Bruce Schneier, speaking at RSA Conference 2023

Bruce Schneier tackles AI hype, NSA surveillance, and cyber ‘rage fatigue’

Tom Spring April 21, 2025

Bruce Schneier on security theater, AI snake oil, and the limits of cryptographic morality.

EVENTS