CSO US First Look
The day's top cybersecurity news and in-depth coverage
April 17, 2025
CISOs rethink hiring to emphasize skills over degrees and experience
Cybersecurity leaders are increasingly dropping degree and experience requirements in favor of a skills-first approach to defining security roles and recruiting to fill them. But success requires intention and a new way of evaluating talent.
Read more
MITRE funding still in up in the air, say experts
The US is ânot a reliable partnerâ in supporting the CVE database, says one analyst; CVE board members establish the CVE Foundation in response.
New ResolverRAT malware targets healthcare and pharma orgs worldwide
Distributed via phishing emails, the DLL side-loaded malwareâs payload is executed only in memory and uses sophisticated detection evasion and anti-analysis techniques.
CVE program averts swift end after CISA executes 11-month contract extension
After DHS did not renew its funding contract for reasons unspecified, MITREâs 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.
What boards want and donât want to hear from cybersecurity leaders
To get through to board members, cybersecurity leaders need to not only learn the language of business but how to translate cyber risk in a way board members can make sense of.
Cato Networks augments CASB with genAI security
The SASE provider adds generative AI security controls to its Cloud Access Security Broker application to track the use of genAI.
