Posts

CISO Daily Brief: North Korea APT37 Facebook Attack, OpenAI macOS Supply Chain, Marimo RCE Exploitation (2026-04-13)

Today’s cybersecurity landscape continues to evolve with significant developments that demand CISO attention. Nation-state actors, supply chain vulnerabilities, and active exploitation of critical flaws are shaping enterprise risk. This briefing summarizes the top issues, their implications, and actionable steps for security leaders. The goal is to equip CISOs with concise, board-ready insights and practical guidance for immediate action.

Top Items CISOs Should Care About (Priority)

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

What happened: North Korea’s APT37 group is leveraging Facebook to conduct targeted social engineering campaigns, delivering the RokRAT malware to specific individuals. Attackers use fake profiles and tailored messaging to build trust and lure victims into opening malicious links or attachments. RokRAT is a remote access trojan capable of data exfiltration, keystroke logging, and command execution. The campaign app...

Recent posts

CISO Daily Brief: CPUID Supply Chain Breach & Adobe Acrobat Reader Zero-Day (2026-04-12)

Today’s cybersecurity landscape presents two high-priority issues for CISOs: a significant supply chain breach involving CPUID and an actively exploited vulnerability in Adobe Acrobat Reader. Both incidents require immediate attention, clear communication with executives, and a proactive approach to risk mitigation. This brief outlines the key facts, internal verification steps, and board-level considerations to support informed decision-making.

Top Items CISOs Should Care About (Priority)

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

What happened: CPUID, a trusted provider of popular system utilities CPU-Z and HWMonitor, experienced a supply chain compromise. Attackers replaced legitimate downloads with trojanized versions that install the STX Remote Access Trojan (RAT) on user systems. The breach was discovered after reports of anomalous network activity traced back to recent installations of these tools. The STX RAT enables remote control, dat...

CISO Daily Brief: Device Tracking via Ad Data & Crypto Fraud Crackdown – April 11, 2026

Today’s cybersecurity landscape continues to evolve rapidly, with new threats and regulatory challenges emerging daily. CISOs must stay ahead of both technical and reputational risks, especially as privacy and identity issues intersect with law enforcement and regulatory scrutiny. This briefing highlights the most pressing developments and provides actionable steps to ensure your organization remains resilient and compliant.

Top Items CISOs Should Care About (Priority)

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

What happened: Citizen Lab has reported that law enforcement agencies leveraged a tool called Webloc to track the locations and behaviors of approximately 500 million devices globally. This tracking was accomplished by exploiting ad data, which is commonly collected by mobile applications and advertising networks. The scale of the operation is unprecedented, raising significant concerns about user privacy and the potential for mi...

CISO Daily Brief: Mass Device Tracking via Ad Data & Crypto Fraud Crackdown – April 11, 2026

Today’s briefing highlights a significant development in device tracking via advertising data and a major international crackdown on crypto fraud. These events underscore the evolving landscape of privacy, regulatory expectations, and the importance of robust security governance. CISOs should be prepared to address both technical and executive-level concerns as these stories gain attention.

Top Items CISOs Should Care About (Priority)

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

What happened: Citizen Lab has reported that law enforcement agencies leveraged a tool called Webloc to track the locations and activities of approximately 500 million devices globally. The tracking was achieved by exploiting ad data, which is routinely collected by mobile applications and advertising networks. This mass surveillance campaign reportedly spanned multiple countries and involved the collection of device identifiers, location data, and user behaviors. Th...

CISO Daily Brief: Supply Chain, OT/ICS, and Payroll Threats – April 11, 2026

Today’s security landscape continues to evolve with new threats targeting both IT and OT environments. CISOs should pay close attention to recent supply chain attacks, industrial device exposures, and targeted fraud campaigns. Staying informed and proactive is essential to maintaining organizational resilience and board confidence.

Top Items CISOs Should Care About (Priority)

CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads

What happened: Attackers compromised CPUID’s website, distributing malware through downloads of popular hardware monitoring tools CPU-Z and HWMonitor.

Why it matters: This supply chain attack could enable mass malware distribution across enterprises using these tools.

What to verify internally:
- Inventory of systems with CPU-Z, HWMonitor, or related tools installed
- Integrity of software sources and update mechanisms
- Endpoint monitoring for indicators of compromise
- Vendor risk management processes for thi...

CISO Daily Brief: April 10, 2026 – Supply Chain, Identity, and Ransomware Threats

Today’s security landscape continues to challenge CISOs with a mix of supply chain compromises, targeted phishing, ransomware, and critical vulnerabilities. This briefing highlights the most urgent developments and provides actionable steps to help you prepare for board and executive discussions. Staying ahead means verifying internal controls and being ready to answer tough questions on risk exposure and response.

Top Items CISOs Should Care About (Priority)

Healthcare IT solutions provider ChipSoft hit by ransomware attack

What happened: ChipSoft, a major healthcare IT provider, suffered a ransomware attack disrupting services and potentially exposing patient data.

Why it matters: Healthcare ransomware incidents can lead to regulatory fines, reputational damage, and critical service outages.

What to verify internally:
- Review ransomware response playbooks and tabletop exercise outcomes
- Confirm backups are recent, tested, and segmented
- Assess...

CISO Daily Brief: Zero-Day Exploits, Nation-State Activity, and Cloud Threats – April 9, 2026

Today’s cybersecurity landscape is marked by active zero-day exploits, sophisticated nation-state campaigns, and evolving threats to cloud and enterprise environments. CISOs must remain vigilant, ensuring controls and response plans are ready for rapid changes. Below, we outline the most pressing items and provide actionable guidance for executive and board conversations.

Top Items CISOs Should Care About (Priority)

Hackers exploiting Acrobat Reader zero-day flaw since December

What happened: A zero-day vulnerability in Adobe Acrobat Reader has been actively exploited since December, targeting a wide range of organizations.

Why it matters: This affects a ubiquitous enterprise application, raising both operational and regulatory risk.

What to verify internally:
- Current patch status of all Acrobat Reader deployments
- Monitoring for suspicious PDF activity or exploitation attempts
- Incident response readiness for potential compromise
- Employ...