Cybersecurity Headlines

GitHub breach via VS Code extension
Shai-Hulud wave compromises 600 npm packages
Huawei attack behind Luxembourg telecom crash
Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/
Thanks to our episode sponsor, ThreatLocker

ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

Microsoft disrupts malware-signing-as-a-service
Critical flaw found in industrial robot OS
CISA admin leaks keys
Get the show notes here: https://cisoseries.com/cybersecurity-news-microsoft-hits-fox-tempest-robotics-os-flaw-cisa-admins-leaks-keys/ 
Thanks to our episode sponsor, ThreatLocker

ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

Linus Torvalds not into AI bug hunters
7-Eleven hit with ransom demand
MENA runs new cybercrime op
Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/
Thanks to our episode sponsor, ThreatLocker

ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

Grafana GitHub token breach leads to extortion attempt
Microsoft rejects Azure vulnerability report, researcher disputes decision
Funnel Builder flaw actively exploited to steal payment data
Get the show notes here: https://cisoseries.com/cybersecurity-news-grafan-github-extortion-microsoft-rejects-azure-report-funnel-builder-flaw/
Thanks to our episode sponsor, ThreatLocker

ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

This week's Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft.
Missed the live show? Check it out on YouTube.
The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
Huge thanks to our sponsor, Doppel


Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call.

But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.

We fight relentlessly to protect your business, brand, and people.

Doppel. Outpacing what's next in social engineering.

Learn more at doppel.com.