36 Malicious npm packages exploited to deploy persistent implants

Hundreds of millions to be cut from CISA in proposed budget

Hackers exploit React2Shell in automated credential theft campaign

Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/

Huge thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

250,000 affected by data Breach at Texas hospital

CISA says, "patch Citrix NetScaler bug by Thursday"

Researchers uncover mining operation using ISO lures

Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/

Huge thanks to our sponsor, ThreatLocker

Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Apple pushes new patches over DarkSword

FBI: US surveillance hack is major incident

Cisco code stolen in Trivy-linked breach

Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/

Huge thanks to our sponsor, ThreatLocker

Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls — stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com

HTTP client introduces malicious dependency

TeamPCP testing the open source supply chain

Claude source code leaked

Get the show notes here: https://cisoseries.com/cybersecurity-news-axios-poisoned-teampcp-details-claude-code-leaked/

Huge thanks to our sponsor, ThreatLocker

Least privilege isn't about distrusting users — it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com

macOS Terminal gets ClickFix attacks

Russian court sentences 'Flint' over card fraud

CareCloud probes data breach

Get the show notes here: https://cisoseries.com/cybersecurity-news-macos-terminal-clickfix-attacks-russian-court-sentences-flint-carecloud-probes-data-breach/

Huge thanks to our sponsor, ThreatLocker

Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place — controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com

Link to episode page

This week's Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care

Thanks to our show sponsor, ThreatLocker

Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com

All links and the video of this episode can be found on CISO Series.com

FBI confirms theft of director's personal emails

Lloyds customer data exposed in IT glitch

Hundreds of valid API keys discovered on the Web

Get the show notes here: https://cisoseries.com/cybersecurity-news-fbi-email-theft-lloyds-bank-glitch-api-keys-running-loose/

Huge thanks to our sponsor, ThreatLocker

Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com

Alleged RedLine dev extradited to US

Red Menshen uses BPFDoor to spy

Former NSA chiefs worry US cybersecurity is slipping

Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-alleged-redline-dev-extradited-red-menshen-spies-with-bpfdoor-is-us-cybersecurity-slipping/

Huge thanks to our sponsor, ThreatLocker

Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com