Cybersecurity Headlines

Substack admits data breach Russian attacks target Winter Olympics GitHub Codespaces enable RCE Get the show notes here: Huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com.

Ukraine tightens controls on Starlink terminals VMware ESXi flaw now exploited SolarWinds Web Help Desk bug under attack Get the show notes here: https://cisoseries.com/cybersecurity-news-ukraine-tightens-controls-on-starlink-terminals-vmware-esxi-flaw-now-exploited-solarwinds-web-help-desk-bug-under-attack/ Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, maximizing log visibility without blowing your budget. Find threats your siloed tools miss. Get started today with pre-built AI agents and workflows that investigate, detect, and respond 24/7 or build your own at strike48.com/security.

React Native Metro bug impacts thousands of servers Greece and Spain set to ban social media for kids Moltbook shows the dangers of vibe coding Get the show notes here: https://cisoseries.com/cybersecurity-news-metro-bug-more-social-bans-leaky-moltbook/ Huge thanks to our sponsor, Strike48 Security teams are stretched. Attack surfaces and threat volumes keep growing, meanwhile SOC budgets stay flat and glorified chatbots with hallucination problems aren't helping. Strike48 is different. Agents scale independently, running investigations across your logs while your team can concentrate on the highest priority tasks that require human judgment and decision making. Try it today at Strike48.com/security.

OpenClaw targets ClawHub users Notepad++ update delivers malware APT28 attackers abuse Microsoft Office zero-day Get the show notes here: Huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com.

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Steve Zalewski, co-host, Defense in Depth, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Devo/Strike 48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, maximizing log visibility without blowing your budget. Find threats your siloed tools miss. Get started today with pre-built AI agents and workflows that investigate, detect, and respond 24/7 or build your own at strike48.com/security. All links and the video of this episode can be found on CISO Series.com

Coupang CEO questioned by police regarding data breach probe Cyberattack on large Russian bread factory disrupts deliveries Real estate agents in Australia use apps that leave lease documents at risk Get the show notes here: https://cisoseries.com/cybersecurity-news-police-question-coupang-ceo-russia-bakery-cyberattack-australian-real-estate-scandal/ Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, maximizing log visibility without blowing your budget. Find threats your siloed tools miss. Get started today with pre-built AI agents and workflows that investigate, detect, and respond 24/7 or build your own at strike48.com/security.

France fines unemployment agency €5 million over data breach Microsoft Teams addition will allow for suspicious calls to be reported UK leaders warned about absorbing cyberattacks without offensive deterrence Check out the show notes here: Huge thanks to our episode sponsor, Conveyor Want to hear a horror story? An infosec manager found out that their sales rep had filled in a customer security questionnaire themselves and sent it back to the customer without review. Which led to dozens of follow up questions. With Conveyor's Trust Center AI Agent, you can avoid all of that. The Agent lives in your Conveyor hosted Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Learn more at Conveyor.com Find the stories behind the headlines at https://cisoseries.com/cybersecurity-news-france-fines-unemployment-agency-teams-flags-calls-uk-pushes-deterrence/

Sandbox flaw exposes n8n instances Fake Moltbot assistant drops malware PeckBirdy takes flight for cross-platform attacks Check out the show notes here: Huge thanks to our episode sponsor, Conveyor Another security questionnaire hits your desk. Ever wish it could magically disappear? You already have the answers that customers should self-serve, but they can't find the info in your Trust Center. That's why Conveyor built the first truly agentic Trust Center. An AI Agent lives inside it, answering customer questions, sharing documents, and even completing full questionnaires instantly. Customers get what they need fast. it's magical, touchless, and extremely accurate. Join teams at Atlassian, Zapier, and more at conveyor.com.

US cyber chief uploaded sensitive files into public ChatGPT Vibe-coded 'Sicarii' ransomware can't be decrypted WhatsApp account feature combats spyware Huge thanks to our episode sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.

Microsoft patches Office zero-day vulnerability Indian users targeted by Blackmoon Konni targets blockchain developers Huge thanks to our episode sponsor, Conveyor True story, an infosec team had to give customers MapQuest style directions just to navigate their Trust Center. Spoiler: it didn't reduce follow-up questions and created even more work for everyone involved. With Conveyor's new Trust Center AI Agent, customers get answers instantly and can even upload questionnaires for the Agent to complete. This way, customers find what they need and keep moving, without your team needing to intervene. Learn more at conveyor.com

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke's University Health Network, and Jason Shockey, CISO, Cenlar FSB Thanks to our show sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com. All links and the video of this episode can be found on CISO Series.com

Microsoft Outlook and boot problems Sandworm likely behind cyberattack on Poland's power grid Dresden museum network suffers cyberattack Huge thanks to our episode sponsor, Conveyor Ever wish your customers could magically get answers to their own security questionnaires before they ever hit your desk? We've heard this wish from hundreds of teams so Conveyor just launched a new Trust Center AI Agent. The Agent lives in your Conveyor hosted Trust Center and answers customer questions, surfaces documents and even completes full questionnaires instantly so customers can finish their review without your intervention. Join top tech companies using Conveyor today like Atlassian, Zapier and more. Check it out at Conveyor.com Find the stories behind the headlines at CISOseries.com.

Multi‑stage AiTM phishing and BEC campaign abusing SharePoint SmarterMail auth bypass flaw now exploited despite patch The problem of AI agents emerges at Davos Huge thanks to our sponsor, Dropzone AI All week we've talked about alert fatigue, MTTR, and the math that's breaking your SOC. Here's the proof. Dropzone AI is trusted by over 300 global enterprises and MSSPs. Named a Gartner Cool Vendor. Recognized in the Fortune Cyber 60. And backed by $37 million in Series B funding. But they're not stopping at a single agent. They're building toward fully agentic SOC teams where human engineers are augmented with specialized AI agents for threat hunting, detection engineering, and forensics. Your team deserves a backup that never sleeps. Book a demo at dropzone.ai. Find the stories behind the headlines at CISOseries.com.

Tesla hacked at Pwn2Own Automotive Everest sitting on Under Armour data? PurpleBravo fake jobs campaign targets IP addresses Huge thanks to our sponsor, Dropzone AI Quick tip for SOC leaders measuring MTTR. Stop optimizing the human. Optimize what the human has to do. Dropzone AI handles the investigation legwork autonomously. Correlating alerts, gathering evidence, documenting findings. Your analysts only engage when it actually matters. The results are investigations that took hours and now take under 10 minutes with much better accuracy of up to 30%. And analysts who can finally focus on real threats. Proven at over 300 enterprises who have deployed Dropzone AI. See the data at dropzone.ai.

UK and China try to ease cyberattack tensions Iranian state TV hijacked VoidLink malware is AI-generated Huge thanks to our sponsor, Dropzone AI Remember yesterday's 2 AM alert? Here's how it ends differently with Dropzone AI. The alert fires. Within minutes, not hours, their AI SOC agents have already correlated logs across your entire security stack, built a complete evidence chain, and delivered a verdict. False positive, or escalate immediately. Your analyst wakes up to answers, not a queue. That's autonomous investigation at enterprise scale. Experience it for yourself at dropzone.ai.

Gemini prompt injection flaw exposes calendar info Hacker admits to leaking stolen Supreme Court data Researchers uncover PDFSIDER malware Huge thanks to our sponsor, Dropzone AI It's 2 AM. An alert fires. Possible data exfiltration. Your on-call analyst is three time zones away, half-asleep, context-switching between tools. By the time they piece together the evidence, forty-five minutes have passed. Was it a real threat or another false positive? The clock is ticking. Tomorrow, I'll tell you how 300 enterprises solved this exact problem. But if you can't wait, head over to dropzone.ai to learn more.

Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Dmitriy Sokolovskiy, senior vice president, information security, Semrush, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Dropzone AI How many alerts did your SOC investigate last week? How many sat in the queue untouched? If you don't know those numbers, or you don't like them, Dropzone AI can help. They've helped enterprises like UiPath and Zapier handle ten times more alerts without adding headcount. Their AI SOC agents work around the clock, investigating every alert autonomously. Book a demo and they'll show you exactly how many hours you could recover. Head over to dropzone.ai and request your demo today. All links and the video of this episode can be found on CISO Series.com

Cybercom-NSA leadership nominee to assess dual-hat role Two-thirds of third-party applications access sensitive data without justification, says report GhostPoster browser extensions up to 840,000 installs Huge thanks to our sponsor, Dropzone AI Here's a security tip most vendors won't tell you. Your SOC analysts aren't slow. They're drowning. The average enterprise faces tens of thousands of alerts daily, and even your best analysts can only investigate so many before burnout wins. Dropzone AI changes that math. Their AI SOC agents autonomously investigate every alert, no playbooks or code required, in three to ten minutes flat. Stop triaging. Start defending. Book a demo at dropzone.ai. Find the stories behind the headlines at CISOseries.com.

Jen Easterly to helm RSAC Windows January update causes login problems UK police blame Copilot for intelligence mistake Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. Find the stories behind the headlines at CISOseries.com.

U.S. weighs private companies' cyberwarfare roles China: stop using US and Israeli cybersecurity software DeadLock uses smart contracts to hide work Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.