Critical SharePoint flaw, real-time cyberattack prevention, CISA's Intune warning

Critical Microsoft SharePoint flaw now exploited in attacks 1stProtect reveals endpoint security platform intended to prevent cyberattacks in real time CISA urges U.S. organizations to secure Microsoft Intune systems following Stryker breach Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-critical-sharepoint-flaw-real-time-cyberattack-prevention-cisas-intune-warning/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at  adaptivesecurity.com.

DarkSword emerges from suspected Russian hackers "ShieldGuard" dismantled after malware discovery North Korea's fake IT worker army rakes in $500M/year Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com.

Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. Learn more at  adaptivesecurity.com.

Stryker hospital tools safe, digital ordering services down Models apply to be the face of AI scams Cybercrime up 245% since Iran conflict Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-stryker-hospital-tools-safe-models-apply-to-power-ai-scams-cybercrime-up-245/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes — it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your own executives, and interactive training your team will actually remember. Take a three-minute tour or request a CEO deepfake demo at adaptivesecurity.com.

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jonathan Waldrop, CISO, Acoustic, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com      

Payload Ransomware group claims breached of Royal Bahrain Hospital Canadian food retailer Loblaw confirms data breach New York cyber regulations for water organizations launch in 2027 Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-royal-bahrain-hospital-breach-canadas-loblaw-breached-new-york-water-laws/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com.

Iran boosts cyberattacks VENON targets Brazilian banks England Hockey investigates breach Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-iran-boosts-cyberattacks-venon-targets-brazilian-banks-england-hockey-investigates-breach/ Huge thanks to our sponsor, Dropzone AI If you are heading to RSAC next week, here are three things worth seeing at the Dropzone AI Diner. Booth 455, South Expo Hall.   One: watch their AI SOC agents investigate real alerts live, with every reasoning step exposed. Two: meet the AI Threat Hunter, the newest agent joining the team. Three: enter the investigation competition and go head to head against the AI.   Schedule your stop at dropzone.ai/rsa-2026-ai-diner.

Meta apps offer new scam protection Google's Wiz acquisition finalized China curbs state-run OpenClaw use Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-meta-offers-scam-protection-googles-wiz-acquisition-finalized-china-curbs-openclaw-use/ Huge thanks to our sponsor, Dropzone AI Here is something worth asking any AI security vendor you meet at RSAC.    Can you show me exactly what your AI did? Not just the verdict. The reasoning. Every tool it queried, every piece of evidence, every step it took to get there.   Most cannot. Dropzone AI can. Every investigation is fully transparent. You do not have to trust the AI. You can verify it.    See it for yourself at Booth 455. dropzone.ai/rsa-2026-ai-diner  

NSA and Cyber Command head confirmed Russians targeting encrypted messaging app users OpenAI rolls out vulnerability scanner Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-march-11-2026/ Huge thanks to our sponsor, Dropzone AI Remember yesterday's 3 AM threat intel? Here is how it plays out with Dropzone AI.   The intelligence drops. Dropzone picks it up, turns it into a threat hunt, and runs it across your SIEM, EDR, and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog.   That is the AI Threat Hunter, the newest agent on the team, debuting at RSAC. Booth 455, South Expo Hall. dropzone.ai/rsa-2026-ai-diner  

InstallFix attacks spread fake Claude code sites UNC4899 breaches crypto firm via trojanized file UK launches cyber-fraud crackdown unit Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-installfix-spreads-fake-claude-sites-unc4899-breaches-crypto-uk-cyber-fraud-crackdown/ Huge thanks to our sponsor, Dropzone AI It is 3 AM. New threat intelligence drops. An attack pattern targeting your industry. Your threat hunting team is four people, all on day shift, and already behind on last week's hunts.   By the time someone gets to it, the window for early detection has closed. The attacker is already inside. Tomorrow, I will tell you what Dropzone AI is bringing to RSAC to solve exactly this problem. If you cannot wait, head to dropzone.ai/rsa-2026-ai-diner.