Rethinking the CIO-CISO Dynamic in the Age of AI

Jennifer Lawinski • December 5, 2025

Organizations are beginning to reimagine how leadership roles should be structured, aligned and empowered as they grapple with regulatory pressures, the unpredictable nature of AI systems, and the need for operational resilience in an increasingly uncertain business climate.

Agentic AI

SOCs Must Be Built for Speed in the AI Threat Era

Latest

Government

No Vote, No Leader: CISA Faces 2026 Without a Director

Chris Riotta • December 5, 2025

Sean Plankey's stalled nomination leaves the Cybersecurity and Infrastructure Security Agency without a Senate-confirmed director amid rising state-linked threats, as unrelated congressional holds tied to telecom and contracting fights freeze the process with no resolution in sight.

Cyber Insurance

23andMe to Get $16.5M in Unused Cyber Insurance

Marianne Kolbasuk McGee • December 5, 2025

As part of its ongoing Chapter 11 bankruptcy proceedings, 23andMe Holding Co. - now named Chrome Holding - has reached a settlement with its cyber insurers for the carriers to buy back $16.5 million of the consumer genetics testing firm's unused cyber policy. What will the company do with the funds?

AI-Based Attacks

ISMG Editors: Inside the Rapid Evolution of Ransomware

Anna Delaney • December 5, 2025

In this week's panel, four ISMG editors discussed the latest shifts in ransomware tactics, a major development in the Texas challenge to the HIPAA Privacy Rule related to reproductive rights, and how SMBs navigating AI are facing very different challenges than large enterprises.

Security Operations

React Flaw Mitigation Leads to Cloudflare Outage

Akshaya Asokan • December 5, 2025

Content delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare's web application firewall parses requests.

Governance & Risk Management

Chinese Nation-State Groups Tied to 'React2Shell' Targeting

Mathew J. Schwartz • December 5, 2025

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat intelligence analysts warning that it's being actively targeted by Chinese nation-state groups, and that a legitimate, weaponized proof-of-concept exploit is now public.

Cyberwarfare / Nation-State Attacks

Brickstorm Malware Hits US Critical Systems, CISA Warns

Chris Riotta • December 4, 2025

U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.

Artificial Intelligence & Machine Learning

HHS Outlines AI Road Map Amid Major Department Overhaul

Marianne Kolbasuk McGee • December 4, 2025

The U.S. Department of Health and Human Services on Thursday unveiled "version 1" of a strategic plan to implement artificial intelligence as a "practical layer" across the department and its agencies aimed at helping to break down silos, improve collaboration and increase efficiencies.

Geo Focus: The United Kingdom

UK Government Considers Computer Misuse Act Revision

Akshaya Asokan • December 4, 2025

The U.K. government is considering amending its three-decade-old hacking law to include a "statutory defense" cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices.

Cybercrime

Breach Roundup: React Flaw Incites Supply Chain Risk

Pooja Tikekar • December 4, 2025

This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.

Artificial Intelligence & Machine Learning

US, Allies Warn AI in OT May Undermine System Safety

Chris Riotta • December 4, 2025

The U.S. cyber defense agency warned that machine learning and large language model deployments can introduce new attack surfaces across critical infrastructure sectors in a document setting out principles for safely integrating AI into operational technology.

Blockchain & Cryptocurrency

Cryptohack Roundup: Authorities Shutter Cryptomixer

Rashmi Ramesh • December 4, 2025

This week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer's post-exploit plans and Yearn recovers hacked crypto.

Endpoint Security

CISA Warns of Severe Flaws in Nuclear Med Tracking Software

Marianne Kolbasuk McGee • December 3, 2025

U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.