(Credit: Andreas Prott – stock.adobe.com)

(Credit: Andreas Prott – stock.adobe.com)

Google fixes Cloud Composer privilege escalation vulnerability

Laura FrenchApril 22, 2025

Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.

RESOURCES

Critical Infrastructure Security
We’re the federal government, and we’re (maybe) no longer here to help
DevSecOps
Security without speed bumps: Using WAF simulator to transform DevSecOps workflows
Critical Infrastructure Security
Selling to Uncle Sam? Time to diversify
Critical Infrastructure Security
From classrooms to command posts: The cyber education crisis
Critical Infrastructure Security
Critical infrastructure, critically compromised: It’s now a matter of resilience and survival

PODCASTS

Security Strategy, Plan, Budget
Brains, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet – SWN #470
Application security
Managing Secrets – Vlad Matsiiako – ASW #327
Governance, Risk and Compliance
The past, present, and future of enterprise AI – Pravi Devineni – ESW #403
Vulnerability Management
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler – ESW #403
Vulnerability Management
Patch It Like You Stole It: Vulnerability Management Lifestyle Choices – Matthew Toussain – ESW #403

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

Security Strategy, Plan, Budget

Two senior officials resign from federal cybersecurity office, CISA

Steve ZurierApril 22, 2025

Continued brain drain includes two of the experts who managed CISA’s Secure by Design program.

Microsoft reports improvement in Secure By Design for products, services

Shaun NicholsApril 21, 2025

Microsoft said it's making strides in guarding its own systems against external threat actors.

Fog ransomware notes troll with DOGE references, bait insider attacks

Laura FrenchApril 21, 2025

Recent Fog samples are spread through phishing emails referencing pay adjustments.

A computer popup box screen warning of a system being hacked, compromised software environment. 3D illustration.

Bulletproof hosting provider Proton66 steps-up malware campaigns

Steve ZurierApril 21, 2025

Researchers advise security teams to block sources of bulletproof hosting.

security technologist Bruce Schneier, speaking at RSA Conference 2023

Bruce Schneier tackles AI hype, NSA surveillance, and cyber ‘rage fatigue’

Tom Spring April 21, 2025

Bruce Schneier on security theater, AI snake oil, and the limits of cryptographic morality.

A digital display shows the words "SYSTEM HACKED" in red against

Vulnerability Management

Alarms sound over attacks via Microsoft NTLM vulnerability

Shaun NicholsApril 18, 2025

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

HHS fines Guam hospital over ransomware attack, HIPAA violations

Laura FrenchApril 18, 2025

A ransomware attack and incident involving former employees led to potential HIPAA violations.

Cyberpunk gloom a shattered padlock symbolizes data breach amidst scattered devices broken chain of trust visualized.

Legends International notifies customers, employees of data breach

Steve ZurierApril 18, 2025

Sports venue support company said sensitive information was stolen, but offers no further details.

EVENTS