Claude Mythos Preview's cyber capabilities

Anodot hack leaves breached companies facing extortion

wolfSSL library flaw enables forged certificate use

Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-mythos-previews-capabilities-anodot-breached-companies-face-extortion-wolfssl-flaw-enables-forged-certificates/

Huge thanks to our sponsor, Conveyor

Three tools to manage customer security reviews is two too many. Most teams start with a trust center, bolt on a questionnaire tool, and end up with a knowledge base nobody trusts and a Slack channel full of sales pings anyway. Conveyor replaces all of it. Trust center, questionnaire automation, self-serve for sales, AI-managed knowledge library, one platform. Companies like Atlassian and Zapier already made the switch. See why at conveyor.com.

A quick announcement: we're moving our Department of Know livestream to Fridays at 4pm ET/1 pm PT. The format will remain the same. We hope to see you there.

Adobe patches months-old Reader zero-day

Critical Marimo flaw now under active exploitation

Hackers claim control over Venice anti-flood pumps

Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/

Huge thanks to our sponsor, Conveyor

Still manually filling out security questionnaires even though you have a trust center? A starter trust center is table stakes and the best security teams have moved way past that. Conveyor gives you an agentic trust center, AI questionnaire automation, and a self-serve layer so sales can move deals forward without pinging you every five minutes. Companies like Atlassian and Zapier made the switch. See why at conveyor.com.

Google API keys in Android apps expose Gemini endpoints

Acrobat Reader zero-day flaw exploited since December

Cryptocurrency ATM company Bitcoin Depot reports cyberattack

Check out our show notes here: https://cisoseries.com/cybersecurity-news-android-api-exposure-acrobat-reader-zero-day-bitcoin-depot-cyberattack/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Ransomware knocks Dutch healthcare vendor offline

APT28 is keeping busy

CIA quietly elevated its cyber espionage division

Check out our show notes here: https://cisoseries.com/cybersecurity-news-chipsoft-popped-apt28-updates-cia-cyber-espionage-elevation/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Anthropic announces Project Glasswing

U.S. seeks to slash CISA funding

Russia-linked hackers hijack routers for passwords

Check out our show notes here: https://cisoseries.com/cybersecurity-news-anthropics-project-glasswing-cisa-funding-in-doubt-routers-hijacked-for-passwords/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Drift says exploit was North Korean intelligence operation

GitHub used in multi-stage attacks targeting South Korea

Data leak threatened after Die Linke attack

Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Link to episode page

This week's Department of Know is hosted by Sarah Lane, with guests Jack Kufahl, CISO, Michigan Medicine, and Adam Palmer, CISO, First Hawaiian Bank.

Missed the live show? Check it out on YouTube.

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

36 Malicious npm packages exploited to deploy persistent implants

Hundreds of millions to be cut from CISA in proposed budget

Hackers exploit React2Shell in automated credential theft campaign

Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

250,000 affected by data Breach at Texas hospital

CISA says, "patch Citrix NetScaler bug by Thursday"

Researchers uncover mining operation using ISO lures

Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/

Huge thanks to our sponsor, ThreatLocker

Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Apple pushes new patches over DarkSword

FBI: US surveillance hack is major incident

Cisco code stolen in Trivy-linked breach

Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/

Huge thanks to our sponsor, ThreatLocker

Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com