SC Media

01/02/2026

Even with the arrival of new privacy laws in Kentucky, Indiana and Rhode Island, Approov's Ted Miracco says, “The U.S. remains the only major global economy that treats human privacy as a local issue rather than a national security imperative.”

Except for Rhode Island’s proactive disclosure requirement, experts say the new state laws break little ground.

01/02/2026

01/01/2026

Iranian APT “Prince of Persia” is back | SafeBreach spots 3 new Foudre/Tonnerre variants, parallel DGAs, and a shift to Telegram bots for C2/exfil. Critical infrastructure should be on alert.

Experts say the APT will likely leverage the new malware to target critical energy, water, and transportation systems.

01/01/2026

Space isn’t just aerospace — it’s critical infrastructure, says the
ICIT - Institute for Critical Infrastructure Technology's Val Cofield in this op-ed. As satellites power PNT, weather, finance, and grids, a contested orbital domain turns into civilian risk. Resilience now starts in orbit.

Space must be treated as a national priority across civil, commercial, and defense lines.

12/31/2025

Agentic can supercharge SOC speed, but it also creates a new insider threat, says Red Canary, a Zscaler company's Jimmy Astle in this op-ed. Treat agents like interns: least privilege, human approvals for sensitive actions, baseline behavior, and log everything.

Here’s how teams can modernize their SOCs for the AI era.

12/31/2025

AI gets headlines, but human error still leaks the most data, says Abnormal AI's Mike Leach in this op-ed. 98% of security leaders fear misdirected emails, and 96% saw exposure last year. Behavioral can catch it before sending.

While everyone worries about malicious AI code, 96% of companies lost data via a misdirected email in 2025.

12/31/2025

12/31/2025

Boards don’t speak IOCs — they speak revenue and risk, says NETSCOUT's Debbie Briggs in this op-ed that offers how CISOs can report what they protected, use MTTR/compliance metrics, and embed security in strategy.

A NETSCOUT CISO explains how to align security with revenue, trust, and resilience.

12/30/2025

A 2020 Fortinet FortiOS bug (CVE-2020-12182, CVSS 9.8) is being exploited again — bypassing MFA via username case tricks. Patch now, lock down management access, and hunt if exposed.

CVE-2020-12182 can let attackers bypass MFA without being prompted for a second factor.

12/30/2025

is making attackers faster and quieter—“log in, blend in, adapt.” In this op-ed, DeepTempo's Evan Powell argues detection must evolve from chasing known bad to spotting intent in behavior, sequence, and context before damage occurs.

AI boosts attacker stealth; detection must shift to intent-based, behavior-aware signals beyond SIEM rules.

12/30/2025

The Open Worldwide Application Security Project's new Top 10 warns agents create a new security frontier — one where tools, identity, and trust can be hijacked. As autonomy rises, so does risk: compromised agents can “fan out,” misuse privileges, and trigger cascading failures.

OWASP Top 10 flags agentic AI risks — tool abuse, rogue agents, backdoored coding assistants.

12/30/2025

Boards don’t buy acronyms — they buy outcomes, says Towerwall, Inc.'s Michelle Drolet in this commentary. Pitch in dollars, downtime, and resilience: what risks shrink, what recovery speeds up, and how you’ll prove it when things go sideways.

Here’s how CISOs can get the support they need from board members.