#ciso-decision-making
#ciso-decision-making

6 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Privacy professionals

10 Data Security Stories to Know About (March 2026)

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

fromTechCrunch

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Cybersecurity involves both technical measures and effective communication to maintain stakeholder trust during incidents.

Boards Are Falling Short on Cybersecurity

Boards recognize the need for cybersecurity investments, yet the worsening cybercrime situation suggests governance may be deteriorating.

6 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

fromTechCrunch

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Cybersecurity involves both technical measures and effective communication to maintain stakeholder trust during incidents.

more#cybersecurity

#ai-governance

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Artificial intelligence

Securing AI agents: Okta's approach to identity governance

Artificial intelligence

AI regulations are already out of date - IT leaders need to think ahead

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Securing AI agents: Okta's approach to identity governance

Organizations must govern AI identities to mitigate security risks while embracing AI for competitiveness.

AI regulations are already out of date - IT leaders need to think ahead

Establishing a solid AI governance foundation now can ease future compliance with evolving AI regulations.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

fromMedium

AWS Security and Compliance Quiz (25 Questions) with Detailed Answers - Cloud Practitioner Guide

Understanding AWS security services is essential for modern applications running on AWS.

Cryptocurrency

fromnews.bitcoin.com

5 hours ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

#ai

Privacy technologies

fromwww.businessinsider.com

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

McKinsey's new AI leadership playbook: flatten teams and move faster

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Artificial intelligence

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

Privacy technologies

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromwww.businessinsider.com

McKinsey's new AI leadership playbook: flatten teams and move faster

AI can streamline organizational structures by flattening management layers and enhancing decision-making capabilities.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Intellectual property law

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.

more#ai

fromNextgov.com

Trade and industry groups warn of risks in GSA's draft AI procurement guidance

Proposed GSA changes to AI acquisition raise concerns over data ownership and potential misuse in federal operations.

Business

Your CEO gives you the ick. Now what?

Emily's perception of her CEO's integrity is compromised after discovering his affair, affecting her confidence in promoting company values.

Marketing tech

As AI does more of the work, are we building the right leaders? | MarTech

AI is transforming marketing analysis but may obscure foundational issues that affect decision-making.

Remote teams

fromInfoQ

How to Handle Trusts and Psychological Safety When Scaling Organizations

Trust must be built team by team; it cannot be replicated as organizations scale.

#leadership

Bootstrapping

Your Management Strategy Is Doomed to Fail If You Don't Do This

Productivity

How Senior Leaders Make Fewer, Better Decisions

Senior leaders must make high-impact decisions with less visibility by treating decision-making as a discipline and designing supportive systems.

Bootstrapping

Your Management Strategy Is Doomed to Fail If You Don't Do This

Effective management focuses on execution through a straightforward approach: face reality, investigate issues, fix them systematically, and own the outcomes.

Productivity

How Senior Leaders Make Fewer, Better Decisions

Senior leaders must make high-impact decisions with less visibility by treating decision-making as a discipline and designing supportive systems.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.

6 hours ago

Managing AI has become its own job

Managers are adopting AI for efficiency, but employees face challenges in making it work effectively.

#data-breach

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Remote teams

fromFortune

HR leaders are drowning in decisions: here's how the best ones are getting ahead | Fortune

Geopolitical uncertainty and economic volatility challenge talent retention while modern workplace demands require skilled workers to innovate with technology.

Business

Boards Need to Rethink How They Advise CEOs

Boards need to adapt discussions despite having experienced members, as CEOs struggle to prioritize amid disruption.

21 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

fromTechRepublic

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

Tech industry faces rapid AI advancements alongside significant security vulnerabilities and human costs.

How Ceros Gives Security Teams Visibility and Control in Claude Code

AI coding agents like Claude Code operate outside existing enterprise security controls, requiring new machine-level security infrastructure to provide visibility, policy enforcement, and audit trails.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.

Software development

How Ceros Gives Security Teams Visibility and Control in Claude Code

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.

more#ai-security

fromElectronic Frontier Foundation

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

fromElectronic Frontier Foundation

Google and Amazon: Acknowledged Risks, And Ignored Responsibilities

Google and Amazon have failed to act on human rights risks associated with Project Nimbus despite multiple warnings and commitments.

IGEL brings 'Smarter, Zero Trust' approach Contextual Access to endpoints

IGEL's Contextual Access enhances endpoint security by adapting access rights based on user, device, location, and trust status.

How to Draw the Line Between AI Insights and Human Decisions

High-performance teams leverage clear ownership and decision velocity to enhance AI-informed decision-making in competitive environments.

fromTechCrunch

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.

Privacy professionals

3 SOC Process Fixes That Unlock Tier 1 Productivity

Fragmented workflows and manual triage slow down Tier 1 SOC performance more than the threats themselves.

Google gives enterprises new controls to manage AI inference costs and reliability

Gemini API introduces Flex and Priority tiers for managing AI inference workloads based on criticality and cost.

fromTNW | Insights

2 hours ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

#generative-ai

fromFortune

The biggest mistake CEOs make with AI has nothing to do with the technology | Fortune

Advanced generative AI tools will transform industries rather than destroy established software companies.

Artificial intelligence

Building an AI competitive edge through strategy and governance | MarTech

fromReadWrite

Information security

The CISO Struggle: How AI is Changing the Data Security Landscape

fromFortune

The biggest mistake CEOs make with AI has nothing to do with the technology | Fortune

Advanced generative AI tools will transform industries rather than destroy established software companies.

Building an AI competitive edge through strategy and governance | MarTech

Generative AI requires strategic layers for effective output; polish does not equate to quality or alignment with creative goals.

fromReadWrite

The CISO Struggle: How AI is Changing the Data Security Landscape

Generative AI adoption is rapid, but security governance is lagging, creating significant risks for organizations.

more#generative-ai

3 signs your company is using AI incorrectly

Most organizations struggle with AI due to a lack of strategic thinking, not technology issues.

fromWIRED

19 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Mercor Hit by LiteLLM Supply Chain Attack

We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow. Our security team moved promptly to contain and remediate the incident.

Information security

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

fromZDNET

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

Beyond integration theatre: Building stronger cyber platforms | Computer Weekly

Integration layers between security platforms, not the platforms themselves, have become the primary enterprise security risk requiring rigorous governance of delegated trust.

Why Security Validation Is Becoming Agentic

Security validation tools operate in silos while attackers exploit interconnected systems, creating a structural blind spot that Agentic Exposure Validation can address through continuous, autonomous, context-aware assessment.

#cybersecurity-leadership

How CISOs can build a truly unified and resilient security platform | Computer Weekly

Modern enterprise security requires rethinking architecture from perimeter defense to distributed asset protection across decentralized networks and cloud environments.

Information security

CISO Conversations: Aimee Cardwell

Information security

Security's Top Cybersecurity Leaders 2026

Information security

CISO Conversations: Aimee Cardwell

more#cybersecurity-leadership

Information security

Security's Top Cybersecurity Leaders 2026

fromTNW | Artificial-Intelligence

Why 2026 will be the year of governed cybersecurity AI

Global data breach costs fell 9% to $4.44 million in 2025, but automation gaps are widening between organizations, creating new AI-driven risks that regulators must address.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

fromBusiness Matters

7 Data Privacy Risks Leaders Miss in 2026

Organizations overlook seven critical privacy risks in 2026 that bypass security awareness, including public WiFi interception, malicious browser extensions, shadow AI tools, unencrypted messaging, credential reuse, unmanaged personal devices, and data retention gaps.

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Tier 1 SOC analysts process the highest alert volume with the least experience, creating a structural vulnerability where alert fatigue, decision fatigue, and cognitive overload directly undermine organizational security performance and increase incident costs.

Information security

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Information security

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Why investing in cybersecurity just became a 'must-have' for CFOs | Fortune

CFOs must treat vendor cyber risk as a material balance sheet risk, integrating resilience assessments and proactive risk quantification into enterprise frameworks amid heightened geopolitical threats.

Four Risks Boards Cannot Treat as Background Noise

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.

Information security

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Prioritize reducing dwell time with continuously refreshed, high-quality threat intelligence feeds to detect more threats and prevent costly operational downtime.

New (and renewed) cybersecurity trends for 2026

The prospects for phishing in the era of AI could be huge. We've (arguably) moved well beyond requests for money from fake nation state princes, we're now in place where all message formats (emails, audio messages or video messages) can faked. "We are going to have to have multiple trusted channels with those who are close to us. If one channel, email, WhatsApp, Slack, etc. gets an important message, you may need to validate this on another channel.

Information security

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.

CISO Salaries Continue to Rise Despite Economic Uncertainty

CISO compensation rose 6.7% in 2025 with equity growing faster than cash, security budgets slowed to 4%, and executive perks and equity prevalence increased.

fromwww.housingwire.com

Reducing risk: The importance of administrative access responsibilities

Clearly defined and strictly managed administrative access reduces cybersecurity risk while preserving operational efficiency in real estate, title insurance, and mortgage systems.

What Security Leaders Could Expect in 2026

AI-driven autonomous systems and expanding poly-threat environments will create accountability, identity, and risk-management challenges for organizations in 2026.

4 cybersecurity trends for business resilience in 2026

Organizational resilience is weakening as accelerating change and offensive AI increase complexity risk, requiring prioritized recovery capabilities and identity security investments.