Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.
⬇️ See below for timestamps/summaries/references for each topic 00:00 Highlight/theme 00:28 Intro 02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor 18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz 33:35 Trump Administration accidentally sends war plans to reporter via Signal 47:20 GitHub action supply chain attack 53:55 Oracle under fire for its handling of security incidents Rippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against Competitor Rippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corporate espionage campaign involving a planted spy within Rippling. Reference: https://www.rippling.com/blog/lawsuit-alleges-12-billion-unicorn-deel-cultivated-spy-orchestrated-long-running-trade-secret-theft-corporate-espionage-against-competitor Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz Google has agreed to acquire cybersecurity startup Wiz for $32 billion in cash, marking its largest acquisition ever and the biggest tech deal of 2025 so far. Reference: https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?st=uQ8bmN&reflink=article_copyURL_share The Trump Administration Accidentally Texted Me Its War Plans In the article, journalist Jeffrey Goldberg reveals that he was accidentally included in a Signal group chat by senior members of the Trump administration—specifically Pete Hegseth, the Secretary of Defense—who shared detailed plans for a military strike on Houthi targets in Yemen. Reference: https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/ Supply Chain Attack on GitHub Action Wiz discovered a supply chain attack on the GitHub Action reviewdog/action-setup@v1, likely leading to the compromise of tj-actions/changed-files, resulting in widespread CI secret leakage and highlighting the risks of unpinned actions. Reference: https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup Oracle hacked Oracle has informed clients of a second recent cybersecurity breach in which a hacker accessed an old system and stole customer log-in credentials, some of which date back to 2024, according to Bloomberg News. Latest: https://www.reuters.com/technology/cybersecurity/oracle-tells-clients-second-recent-hack-log-in-data-stolen-bloomberg-news-2025-04-02/
⬇️ See below for timestamps/summaries/references for each topic 00:00 Highlight/theme 00:37 Intro 01:37 Malvertising campaign leads to info stealers hosted on GitHub 11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals 24:02 What Really Happened With the DDoS Attacks That Took Down X 28:34 Bring-your-own-laptop policies 40:41 Are WAFs useful or are they just another TPRM box to check? 46:59 Is the CISO job market warming up? Malvertising campaign leads to info stealers hosted on GitHub Microsoft Threat Intelligence uncovered a large-scale malvertising campaign in December 2024, affecting nearly one million devices globally. The attack originated from illegal streaming sites embedding malvertising redirectors, which funneled users to GitHub-hosted malware, with additional payloads delivered via Discord and Dropbox. This multi-stage attack leveraged info stealers like Lumma and Doenerium, along with remote monitoring tools, using advanced evasion techniques to steal system and browser data while maintaining persistence on compromised devices. 📖 References: https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/ Wall Street is worried it can't keep up with AI-powered cybercriminals A survey by Accenture found that 80% of bank cybersecurity executives believe generative AI is enabling cybercriminals faster than banks can respond. While banks invest billions in cybersecurity, they struggle to keep pace due to strict regulations and the rapid advancement of AI-powered scams that target customers, employees, and vendors. Cybercriminals exploit generative AI to craft sophisticated attacks, infiltrate supply chains, and identify vulnerabilities, making third-party risk a major concern for financial institutions. 📖 References: https://www.businessinsider.com/banks-ai-cybersecurity-threats-hackers-generative-ai-2025-3 What Really Happened With the DDoS Attacks That Took Down X X experienced intermittent outages due to a series of DDoS attacks, which Elon Musk attributed to Ukrainian IP addresses, though cybersecurity experts argue that IP attribution alone is unreliable. Analysts suggest the attacks targeted improperly secured X origin servers, allowing a botnet of compromised cameras and DVRs to bypass Cloudflare protection. While a pro-Palestinian group claimed responsibility, experts emphasize that the attack’s true origin remains unclear due to the decentralized nature of botnets and the use of obfuscation techniques. 📖 References: https://www.wired.com/story/x-ddos-attack-march-2025/
00:00 Highlight 00:28 Intro 3:41 What's getting cut at CISA? 19:01 USCYBERCOM told to stop planning offensive attacks against Russia 27:54 ByBit hacked for $1.5B in cryptocurrency 40:01 CISO discussion: How to regain trust after a cyber breach 49:17 CISO discussion: Data security for GenAI tools 58:43 How to get the most out of RSA Conference 💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were outside CISA’s core mission in the first place. Reference: https://www.scworld.com/perspective/a-sober-look-at-the-recent-cuts-at-cisa ⚔️ A sudden shift in cyber warfare strategy—USCYBERCOM has reportedly been asked to halt offensive cyber operations against Russia. The guys discuss what this means for national security, cyber deterrence, and whether it signals a political deal in the making. Reference: https://www.nbcnews.com/politics/trump-administration/defense-secretary-pete-hegseth-orders-halt-offensive-cyber-operations-rcna194435 💸 A massive crypto heist exposes software supply chain vulnerabilities. North Korean attackers allegedly compromised a JavaScript library to drain $1.5 billion. The team breaks down what happened, what it means for the future of crypto security, and whether cybercriminals will use the same techniques elsewhere. Reference: https://docsend.com/view/s/rmdi832mpt8u93s7 🔄 When a company gets hacked, how do CISOs rebuild trust? The conversation explores the difference between trust and transparency, why some companies handle breaches better than others, and what lessons CISOs can learn from past incidents. Reference: https://www.csoonline.com/article/3825447/how-cisos-can-rebuild-trust-after-a-security-incident.html 🤖 GenAI tools want access to everything—but should security teams allow it? The team debates whether CISOs should fight the inevitable, or if they should negotiate smarter ways to control AI access while still allowing business teams to benefit. 🎟️ RSA Conference survival guide! How do you maximize networking, avoid vendor overload, and make sure the week is productive?
⬇️ See below for timestamps/summaries/references for each topic 00:00 Highlight/theme 00:37 Intro 1:21 Hitch Partners survey of CISOs 13:34 Dangling S3 buckets 24:35 Update on Cybersecurity Innovation Executive Order 32:58 Cyber stocks - NET and CRWD at all-time highs 44:07 Okta lays off 180 employees, including security engineers 55:47 Is anyone actually doing TLS inspection? 1:03:21 Is a SOC2 certificate enough to pass TPRM? Hitch Partners survey of CISOs The 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, reporting structures, and industry disparities. Public company CISOs see higher cash compensation and equity growth, with a 6.1% increase year-over-year, while private company CISOs face tighter financial conditions and fewer benefits like D&O insurance. CISOs in larger organizations are less likely to report directly to the CEO, instead aligning with CIOs as company size increases. Compliance, business impact, and ROI are the top budget justification factors, and signing bonuses are more common in public companies. With an average tenure of 39 months, organizations looking to attract top security leaders must focus on competitive compensation, equity incentives, and comprehensive protections. 📖 References: https://www.hitchpartners.com/ciso-security-leadership-survey-results-25 Dangling S3 buckets watchTowr Labs detailed how they identified approximately 150 abandoned Amazon S3 buckets previously utilized by various organizations, including governments and cybersecurity firms. Upon registering these buckets, they monitored over 8 million HTTP requests within two months, revealing ongoing attempts to access software updates, binaries, and other critical resources. 📖 References: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/ Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats. 📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/ Layoffs at Okta On February 4, 2025, Okta, a U.S. access and identity management company, laid off 180 employees, marking its second workforce reduction in just over a year. This follows a previous layoff of approximately 400 employees in February 2024. The Enterprise Security team was affected. 📖 References: https://techcrunch.com/2025/02/04/okta-lays-off-180-employees-nearly-one-year-after-last-workforce-reduction/
⬇️ See below for timestamps/summaries/references for each topic 00:00 Intro 01:33 Biden's Executive Order on Cyber Security 05:18 Cyber policy wishlist 21:30 TikTok and RedNote 29:36 Marsh's report on cyber insurance 49:21 Do CISOs need to be highly technical? Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats. 📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/ TikTok Refugees Flock to China’s RedNote Amid U.S. Ban Concerns Following increased scrutiny and potential bans on TikTok in the U.S., over half a million users migrate to China’s RedNote platform. This shift highlights growing concerns over data privacy, national security, and the geopolitical tensions surrounding Chinese-owned apps. 📖 References: https://www.reuters.com/technology/over-half-million-tiktok-refugees-flock-chinas-rednote-2025-01-14/ Using Cybersecurity Analytics to Prioritize Cybersecurity Investments This article by Marsh explores how organizations can leverage cybersecurity analytics to make informed decisions about where to allocate resources for maximum impact. By analyzing data on threats, vulnerabilities, and past incidents, businesses can prioritize investments in areas that will most effectively reduce risk and enhance their overall security posture. 📖 References: https://www.marsh.com/en/services/cyber-risk/insights/using-cybersecurity-analytics-to-prioritize-cybersecurity-investments.html No, you probably don't need a technical CISO An article argues that organizations may not necessarily require a highly technical Chief Information Security Officer (CISO). Instead, it emphasizes the importance of leadership, strategic thinking, and the ability to manage risk effectively in the role. 📖 References: https://www.linkedin.com/pulse/you-probably-dont-need-technical-ciso-shaun-marion-u0pmc