Security Operations | CSO Online

Supply chain security is now a board-level issue: Here's what CSOs need to know

Security isn't just your problem anymore — it's the board's. With 97% of apps using open-source, CSOs need to ditch the false positives and get serious about SBOMs.

By Scott Register

Apr 7, 20269 mins

Application SecurityMarketsTransportation and Logistics Industry

A core infrastructure engineer pleads guilty to federal charges in insider attack

By Evan Schuman

Apr 3, 20263 mins

CyberattacksCybercrimeLegal

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

By Cyber NewsWire – Paid Press Release

Jan 14, 20266 mins

Business OperationsCyberattacksSupply Chain

Invisible battles: How cybersecurity work erodes mental health in silence

By Maman Ibrahim

Nov 24, 20258 mins

BurnoutEmployee ExperienceHuman Resources

From code to boardroom: A GenAI GRC approach to supply chain risk

By Adetunji Adebayo

Nov 21, 20257 mins

Generative AIIT GovernanceRisk Management

Google asks US court to shut down Lighthouse phishing-as-a-service operation

By Howard Solomon

Nov 12, 20256 mins

CybercrimePhishingSocial Engineering

Articles

Modern supply-chain attacks and their real-world impact

Supply-chain attacks have evolved considerably in the last two years going from dependency confusion or stolen SSL among others once common attacks to AI-backed social engineering and open-source registries.

By Ax Sharma

Nov 4, 2025 10 mins

CyberattacksCybercrimeMalware

US Appeals Court lowers burden of proof for data breach lawsuits

The 4th Circuit Court has ruled that dark web data publication alone may be damaging — a decision that could raise extortion stakes, rewrite CISOs’ risk calculus, and increase breached companies’ lawsuit exposure.

By Evan Schuman

Nov 3, 2025 5 mins

CyberattacksCybercrimeData Breach

71% of CISOs hit with third-party security incident this year

Increasingly complex business partnerships and rising reliance on third-party software components are proving to be ever weakening cybersecurity links.

By John Leyden

Sep 9, 2025 6 mins

CyberattacksCybercrimeData Breach

Attackers steal data from Salesforce instances via compromised AI live chat tool

One of their goals was to access other credentials to compromise other environments.

By Lucian Constantin

Aug 26, 2025 5 mins

Access ControlApplication SecuritySupply Chain

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

By Cyber NewsWire – Paid Press Release

Jan 14, 2026 6 mins

Business OperationsCyberattacksSupply Chain

Supply chain attack compromises npm packages to spread backdoor malware

Phishing attacks on package maintainer accounts led to infected JavaScript type testing utilities.

By John E. Dunn

Jul 24, 2025 5 mins

MalwareOpen SourceSupply Chain

Cybersecurity in the supply chain: strategies for managing fourth-party risks

Third-party vendors are a well-known risk but they are often not the last point in the supply chain and cybersecurity leaders need to ensure fourth-party providers are given the same treatment.

By Linda Rosencrance

Jul 4, 2025 9 mins

IT GovernanceSecuritySupply Chain

US indicts one for role in BreachForums, France arrests four others

A US court has indicted a man arrested earlier this year on suspicion of being an administrator of stolen data marketplace BreachForum, while on Monday French police arrested four others suspected of running the site.

By Shweta Sharma

Jun 26, 2025 4 mins

Data BreachHackingLegal

Chain IQ data theft highlights need to oversee third party suppliers

Firm says hack on 19 companies came from ‘tools and techniques that had never before been seen on a global scale.’

By Howard Solomon

Jun 19, 2025 5 mins

Data BreachSupply Chain

4 ways to safeguard CISO communications from legal liabilities

The SEC’s lawsuit against SolarWinds’ CISO highlights the legal liabilities CISOs can face when communicating. Here are four ways CISOs can avoid the pitfalls.

By Cynthia Brumfield

May 20, 2025 9 mins

CSO and CISOLaws and RegulationsLegal

Is HR running your employee security training? Here’s why that’s not always the best idea

Training employees to resist the lure of phishing, scams, and deepfakes is central to a good cybersecurity posture, but to be effective it needs to be handled with plenty of input and guidance from the security team.

By Linda Rosencrance

Apr 9, 2025 9 mins

CSO and CISOHuman ResourcesIT Skills and Training

Why DEI is key for a cyber safe future

Diversity, equity, and inclusion (DEI) can be a cyber superpower — not just for reducing security skills gaps but for ensuring cybersecurity teams make defenses stronger and more adaptive.

By Bridget Chan, Camille Stewart Gloster and Katelyn Ringrose

Apr 8, 2025 5 mins

CybercrimeDiversity and InclusionHuman Resources

Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed

Paying attention to the specific needs of military members transitioning to civilian security positions can help organizations improve their recruitment and retention, and the process can benefit hiring programs in general.

By Mary K. Pratt

Apr 3, 2025 9 mins

HiringHuman ResourcesMilitary