CSO US First Look
The day's top cybersecurity news and in-depth coverage
April 09, 2025
Is HR running your employee security training? Hereâs why thatâs not always the best idea
Training employees to resist the lure of phishing, scams, and deepfakes is central to a good cybersecurity posture, but to be effective it needs to be handled with plenty of input and guidance from the security team.
Read more
April Patch Tuesday news: Windows zero day being exploited, 'big vulnerability' in 2 SAP apps
There are several critical fixes for CISOs to worry about â and why were Microsoft patches later than expected?
Lessons learned about cyber resilience from a visit to Ukraine
When systems fail, itâs important to have a plan to replace lost resources however and from wherever you can source them, as the embattled country has learned over more than a decade of conflict.
Chinese ToddyCat abuses ESET antivirus bug for malicious activities
The DLL search order hijacking vulnerability allows attackers to trick Windows into executing malicious DLLs.
Warning to developers: Stay away from these 10 VSCode extensions
Malicious extensions that install a cryptominer were released just as the weekend started.
