SC Media

SC Media SC Media arms information security professionals with the in-depth, unbiased business and technical information they need.

The official page for all things IT security.

Boards chasing buzzwords can pull focus from what really reduces risk. CISOs must steer leaders toward fundamentals, n...
05/12/2026

Boards chasing buzzwords can pull focus from what really reduces risk. CISOs must steer leaders toward fundamentals, not hype-driven spending, says NR Labs' Jon David in this commentary.

Here are three ways CISOs can guide board members to move beyond the buzzwords.

Vibe coding is reshaping cybersecurity, but experts say won’t replace real security engineering anytime soon. The real...
05/11/2026

Vibe coding is reshaping cybersecurity, but experts say won’t replace real security engineering anytime soon. The real risk? False confidence in AI-generated code.

Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.

The Cybersecurity and Infrastructure Security Agency ordered federal agencies to patch Ivanti EPMM zero-day CVE-2026-697...
05/11/2026

The Cybersecurity and Infrastructure Security Agency ordered federal agencies to patch Ivanti EPMM zero-day CVE-2026-6973 by May 10 after adding the flaw to its KEV catalog amid active exploitation.

The actively exploited flaw enables remote admin users to execute arbitrary code.

New “Dirty Frag” Linux zero-day affects most distributions and could be weaponized within days. Researchers warn the Cop...
05/11/2026

New “Dirty Frag” Linux zero-day affects most distributions and could be weaponized within days. Researchers warn the Copy Fail fix alone isn’t enough.

Dirty Frag Linux zero-day exposes most distributions to root privilege escalation.

Attackers exploit domains, DNS, and social media trust to launch BEC and brand impersonation scams that evade traditiona...
05/10/2026

Attackers exploit domains, DNS, and social media trust to launch BEC and brand impersonation scams that evade traditional email defenses. Tools like Red Sift's OnDMARC combine authentication and DNS hygiene to reduce exposure.

Protecting the inbox is no longer enough. The real battle is fought everywhere your brand exists.

AI-driven vulnerability discovery is overwhelming patch cycles. In the Mythos era, organizations need continuous detecti...
05/09/2026

AI-driven vulnerability discovery is overwhelming patch cycles. In the Mythos era, organizations need continuous detection and visibility — not patching alone — to stay ahead, says Mitiga's Ariel Parnes in this commentary.

AI-driven vulnerability discovery is outpacing patch cycles, forcing defenders to prioritize detection.

Palo Alto Networks warns exploited PAN-OS flaw CVE-2026-0300 is under active attack. The Cybersecurity and Infrastructur...
05/08/2026

Palo Alto Networks warns exploited PAN-OS flaw CVE-2026-0300 is under active attack. The Cybersecurity and Infrastructure Security Agency added the bug to KEV as researchers urge teams to treat exposed firewalls as compromised.

Palo Alto confirms that its PAN-OS firewalls were actively exploited by a zero-day for more than a month.

is accelerating vulnerability discovery — and many flaws may never get a CVE. In the Mythos era, continuous patching, ...
05/08/2026

is accelerating vulnerability discovery — and many flaws may never get a CVE. In the Mythos era, continuous patching, visibility, and exposure management are critical, says BlueVoyant's Michael Spencer in this op-ed.

Here’s six ways teams can survive in the machine speed era.

Hybrid IT and workloads are exposing gaps traditional vulnerability management can’t catch. Continuous, context-aware ...
05/08/2026

Hybrid IT and workloads are exposing gaps traditional vulnerability management can’t catch. Continuous, context-aware visibility is now essential for reducing risk, says ConnectSecure's Srikant Sreenivasan in this op-ed.

Hybrid IT and AI expand attack surfaces, making continuous, context-aware risk management essential.

Third-party connections are now a top attack path. In the era, periodic vendor reviews aren’t enough, says iCOUNTER's ...
05/07/2026

Third-party connections are now a top attack path. In the era, periodic vendor reviews aren’t enough, says iCOUNTER's John Watters in this op-ed — organizations need continuous intelligence and real-time visibility.

Here’s five priorities for teams looking to manage third-party risk in the AI era.

Rapid7 says an Iranian threat actor used Chaos as a false flag, blending Microsoft Teams phishing, credential theft an...
05/07/2026

Rapid7 says an Iranian threat actor used Chaos as a false flag, blending Microsoft Teams phishing, credential theft and espionage tactics to mask its true mission.

The purported ransomware attack did not encrypt files and used infrastructure tied to MuddyWater.

Address

400 Madison Avenue
New York, NY
10017

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Website

Alerts

Be the first to know and let us send you an email when SC Media posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share

Category