Cyber Security News Sources We're Following
Recent Cybersecurity News Highlights
2025 CISSP Now Cybersecurity News Highlights
- Kovacs, E. (2025, November 10). "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site: The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland." https://www.securityweek.com/nearly-30-alleged-victims-of-oracle-ebs-hack-named-on-cl0p-ransomware-site/
- Kappel, R. (2025, October 23). Security Boulevard. "Prosper Marketplace Data Breach Expands: 17.6 Million Users Impacted in Database Intrusion." https://securityboulevard.com/2025/10/prosper-marketplace-data-breach-expands-17-6-million-users-impacted-in-database-intrusion/
- Wilson, M., Mears, M. III. (2025, October 20). "Massive Amazon outage takes down Venmo, Snapchat, Alexa, Reddit and much of the internet – all the latest AWS updates live. An AWS earthquake has given the internet a very bad day." Tech Radar. https://www.techradar.com/news/live/amazon-web-services-alexa-ring-snapchat-fortnite-down-october-2025
- ISC2. (2025, October 9). "Cybersecurity Month: Proof of a Strong Culture of Security." ISC2 Insights. https://www.isc2.org/insights/2025/10/cybersecurity-month-good-security-culture
- Solomon, H. (2025, October 3). "Extortion gang opens data leak site to squeeze victims of its Salesforce attacks." CSO Online. https://www.csoonline.com/article/4067846/extortion-gang-opens-data-leak-site-to-squeeze-victims-of-its-salesforce-attacks.html
- Poireault, K. (2025, September 26). "Singapore Threatens Meta With Fines Over Facebook Impersonation Scams: The Singapore government has given Meta Platforms until September 30 to introduce measures to curb impersonation scams on Facebook." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/singapore-meta-fines-facebook/
- Save the date: ISC2 Security Congress 2025. October 28-30, 2025. Register now. Prices increase after October 16th. For more information, visit: https://web.cvent.com/event/00885cdc-a7ef-4682-81d1-77950c2f3d07/websitePage:e3e1427f-5c48-423a-a0e5-60dcec1c4363
- Beek, K. (2025, August 25). "Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0': The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds." Dark Reading. https://www.darkreading.com/cyberattacks-data-breaches/interpol-operation-serengeti-2-0
- Maor, E. (2025, July 31). "Who’s Really Behind the Mask? Combatting Identity Fraud: Why context, behavioral baselines, and multi-source visibility are the new pillars of identity security in a world where credentials alone no longer cut it." Security Week. https://www.securityweek.com/whos-really-behind-the-mask-combatting-identity-fraud/
- Poireault, K. (2025, August 1). "Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds: Many hackers are opportunistic and often attempt to exploit security gaps to launch an attack days before a vulnerability is disclosed." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/hackers-exploit-vulnerabilities/
- Microsoft Threat Intelligence. (2025, July 22). "Disrupting active exploitation of on-premises SharePoint vulnerabilities: July 23, 2025 update – Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware." Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
- ISC2. (2025, July 17). "Center for Cyber Safety and Education and Amentum Open Scholarships for Professionals Pursuing the CISSP: Scholarship expands access to CISSP certification to advance and strengthen the global cybersecurity profession." ISC2 Insights. https://www.isc2.org/insights/2025/07/center-for-cyber-safety-and-education-and-amentum-scholarships
- Leyden, J. (2025, July 11). "Anatomy of a Scattered Spider attack: A growing ransomware threat evolves: The cybercriminal group has broadened its attack scope across several new industries, bringing valid credentials to bear on help desks before leveraging its new learnings of cloud intrusion tradecraft to set the stage for ransomware." CSO Online. https://www.csoonline.com/article/4020567/anatomy-of-a-scattered-spider-attack-a-growing-ransomware-threat-evolves.html
- Torsten, G. (2025, June 24). "Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives: The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk." Security Week. https://www.securityweek.com/identity-is-the-new-perimeter-why-proofing-and-verification-are-business-imperatives/
- Coker, J. (2025, June 27). "Hawaiian Airlines Hit by Cybersecurity Incident." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/hawaiian-airlines-cybersecurity/
- Save the Date: "Navigating Cybersecurity Challenges Together at ISC2 SECURE Washington D.C. 2025." To register, click: https://web.cvent.com/event/05fb2973-f58f-47ae-8267-25539fcd4cc1/summary?utm_source=insights&utm_medium=blog&utm_campaign=isc2-secure-dc-2025&utm_id=isc2-secure-dc-2025
- Save the date: ISC2 Security Conference 2025. October 28-30, 2025. Gaylord Opryland, Nashville, TN., and Virtual. For information and registration, visit: https://web.cvent.com/event/00885cdc-a7ef-4682-81d1-77950c2f3d07/websitePage:e3e1427f-5c48-423a-a0e5-60dcec1c4363
- Kovacs, E. (2025, May 20). "Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers: The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization." Security Week. https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/
- Mell, P., Spring, J. (2025, May 19). "Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability." NIST. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf
- Poireault, K. (2025, April 30). "US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers: A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/us-house-bill-security-threats/
- ISC2. (2025, April 7). "What Can We Learn from Data Breaches: Analyzing recent and historic data breach incidents is a valuable and constructive way to identify learning opportunities and prevent the same incident occurring elsewhere." ISC2 Insights. https://www.isc2.org/insights/2025/04/what-can-we-learn-from-data-breaches?queryID=eb5e2c9ca1dd0dde6bd8fa65bec08ad2
- Haney, J. (2025, April 2). "7 Tips to Keep Your Smart Home Safer and More Private, From a NIST Cybersecurity Researcher." https://www.nist.gov/blogs/taking-measure/7-tips-keep-your-smart-home-safer-and-more-private-nist-cybersecurity
- CSO News. (2025, March 25). "Microsoft launches AI agents to automate cybersecurity amid rising threats." CSO Online. https://www.csoonline.com/article/3853599/microsoft-launches-ai-agents-to-automate-cybersecurity-amid-rising-threats.html
- Gatlan, S. (2025, March 12). "CISA: Medusa ransomware hit over 300 critical infrastructure orgs." Bleeping Computer. https://www.bleepingcomputer.com/news/security/cisa-medusa-ransomware-hit-over-300-critical-infrastructure-orgs/
- ISC2. (2025, February 27). "Investigating a Cybersecurity Incident: Making a Start." ISC2 Insights. https://www.isc2.org/insights/2025/02/investigating-a-cybersecurity-incident
- Poireault, K. (2025, February 28). "Cybersecurity M&A Roundup: SolarWinds Acquired for $4.4bn: Following a busy January, the cybersecurity M&A market remained active in February 2025, with several key mergers and acquisitions (M&As) announced." https://www.infosecurity-magazine.com/news/cybersecurity-ma-roundup-february/
- Gross, G. (2025, February 4). "CIOs are bullish on AI agents. IT employees? Not so much: IT’s opinion on the promise of agentic AI is divided, with leaders seeing agents as core to business operations in the near future and IT pros — who will deploy them — much more skeptical." CIO. https://www.cio.com/article/3815935/cios-are-bullish-on-ai-agents-it-employees-not-so-much.html
- Bracken, B. (2025, February 11). "Data Leaks Happen Most Often in These States — Here's Why: State-led data privacy laws and commitment to enforcement play a major factor in shoring up business data security, an analysis shows." Dark Reading. https://www.darkreading.com/cyber-risk/business-cybersecurity-weakest-states
- Gatlan, S. (2025, January 31). "US healthcare provider data breach impacts 1 million patients: Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data." Bleeping Computer. https://www.bleepingcomputer.com/news/security/data-breach-at-us-healthcare-provider-chc-impacts-1-million-patients/
- Townsend, K. (2025, January 23). "Cyber Insights 2025: Malware Directions: The continuing advance of AI brings the likelihood of effective, specific vulnerability-targeted new malware automatically produced in hours rather than days or weeks ever closer." Security Week. https://www.securityweek.com/cyber-insights-2025-malware-directions/
- Loukides, M. (2025, January 14). "Technology Trends for 2025: What O'Reilly Learning Platform Usage Tells Us About Where the Industry Is Headed." O'Reilly. https://www.oreilly.com/radar/technology-trends-for-2025/ Key take-away regarding CISSP Certification: "The CISSP (up 11%) and CompTIA Security+ (up 13%) certifications are always at the top of our lists, and this year is no exception. Our State of Security in 2024 report showed that CISSP was the certification most commonly required by employers. If there’s a gold standard for security skills, CISSP is it."
- McMiller, A. (2025, January 10). "CISA Issues Cybersecurity Guidance for IT Sector: The Cybersecurity and Infrastructure Agency has published guideposts for the IT industry to help improve cybersecurity throughout the software development lifecycle." ExecutiveGov. https://executivegov.com/2025/01/cisa-cybersecurity-guidance-it-sector/ Reference: CISA. (2025, January 7). "Fact Sheet: Information Technology (IT) Sector-Specific Goals (SSGs)." Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov/resources-tools/resources/information-technology-it-sector-specific-goals-ssgs
- ISC2. (2025, January 6). "The Persistent Threat of Social Engineering: Social engineering has become an established and inevitable threat. Aksher Sheriff, CISSP, shares his personal experiences of dealing with the threat posed and the aftermath of an attack." ISC2 Insights. https://www.isc2.org/insights/2025/01/the-persistent-threat-of-social-engineering?queryID=0881bb4d5ac0a5871a7cb19879dc547b
- Tucker, E. (2024, December 30). "Treasury says Chinese hackers remotely accessed workstations, documents in ‘major’ cyber incident." AP News. https://apnews.com/article/china-hacking-treasury-department-8942106afabeac96010057e05c67c9d5
- Frank, E. (2024, December 12). "The 7 most in-demand cybersecurity skills today: Evolving IT strategies and emerging technologies and threats have organizations shuffling their cyber skills want lists, according to a recent survey of IT security managers conducted by ISC2." CSO. https://www.csoonline.com/article/3615797/the-most-in-demand-cybersecurity-skills-today.html
- Swain, G. (2024, December 6). "FCC calls for urgent cybersecurity overhaul amid Salt Typhoon espionage case: The initiative includes a draft Declaratory Ruling that mandates telecom carriers to secure networks against unauthorized access." CSO. https://www.csoonline.com/article/3618729/fcc-calls-for-urgent-cybersecurity-overhaul-amid-salt-typhoon-espionage-case.html
- Mascellino, A. (2024, December 4). "Ransomware Costs Manufacturing Sector $17bn in Downtime: Ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/ransomware-manufacturing-dollar17b/
- Reuters. (2024, November 25). "Starbucks faces disruptions following ransomware attack on software supplier: Nov 25 (Reuters) - Starbucks (SBUX.O) said the aftermath of a ransomware attack on a software supplier has been affecting its ability to pay baristas and manage their schedules, the company's spokesperson said on Monday." Reuters. https://www.reuters.com/business/retail-consumer/starbucks-faces-disruptions-following-ransomware-attack-software-supplier-2024-11-25/
- Webb, D. (2024, October 18). "Top 9 Trends In Cybersecurity Careers for 2025." Esecurity Planet. https://www.esecurityplanet.com/trends/cybersecurity-careers/
- Dugar, U. et al. (2024, November 15). "T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports." Reuters. https://finance.yahoo.com/news/t-mobile-hacked-massive-chinese-002126952.html
- Mascellino, A. (2024, November 14). "Microsoft Power Pages Misconfiguration Leads to Data Exposure." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/microsoft-power-pages/
- Mello, J.P. (2024, November 8). "The US Department of Defense has finalized cyber rules for its suppliers: Stringent requirements on DoD contractors to comply with existing protections are expected to take effect by the end of the year." CSO Online. https://www.csoonline.com/article/3600834/the-us-department-of-defense-has-finalized-cyber-rules-for-its-suppliers.html
About Certified Information Systems Security Professional (CISSP) Certification:
- ISC2. (2025, July 17). "Center for Cyber Safety and Education and Amentum Open Scholarships for Professionals Pursuing the CISSP: Scholarship expands access to CISSP certification to advance and strengthen the global cybersecurity profession." ISC2 Insights. https://www.isc2.org/insights/2025/07/center-for-cyber-safety-and-education-and-amentum-scholarships
- Read the following article from a top tech learning platform: Loukides, M. (2025, January 14). "Technology Trends for 2025: What O'Reilly Learning Platform Usage Tells Us About Where the Industry Is Headed." O'Reilly. https://www.oreilly.com/radar/technology-trends-for-2025/
- Key take-away regarding CISSP Certification: "The CISSP (up 11%) and CompTIA Security+ (up 13%) certifications are always at the top of our lists, and this year is no exception. Our State of Security in 2024 report showed that CISSP was the certification most commonly required by employers. If there’s a gold standard for security skills, CISSP is it."
- ISC2. (2024, December 17). "The Future of Cyber Knowledge Management is Evolving – ISC2 Unified Body of Knowledge." ISC2 Insights. https://www.isc2.org/insights/2024/12/the-future-of-cyber-knowledge-management-is-evolving
- Great blog! ISC2. (2024, May 17). "My Route to Cybersecurity: Studying for the ISC2 Certified in Cybersecurity exam is no simple task, but as Louise Esporlas, CC explains, earning the certification helped define education and career pathways." ISC2 Insights. https://www.isc2.org/Insights/2024/05/My-Route-to-Cybersecurity-CC
- ISC2. (2024, April 15). "CISSP Exam Refresh and Updated Official Training Now Live." ISC2 Insights. https://www.isc2.org/Insights/2024/04/CISSP-Exam-Refresh-and-Updated-Official-Training-Now-Live?queryID=7de1a62f322d6f13f548aca9641597fd Check out the 2024 Detailed Content Outline with Weights Final, Effective April 15, 2024, by clicking here.
- ISC2. (2024, February 25). "Computerized Adaptive Testing (CAT) for CISSP Examinations in All Languages." https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages From the announcement: "We are pleased to announce that as of April 15, 2024, all CISSP examinations worldwide will take place in Computerized Adaptive Testing (CAT) format." Read the rest: https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- ISC2. (2024, February 12). "Asking All CISSP Holders to Help Shape the Certified in Cybersecurity (CC) Exam." ISC2 Insights. https://www.isc2.org/Insights/2024/02/Asking-All-CISSP-Holders-to-Help-Shape-the-Certified-in-Cybersecurity-CC-Exam?queryID=a1e205b26f8bb9f9d83cc62c123cc17b
CISSP Tips and Topics
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Infosecurity Magazine: https://www.infosecurity-magazine.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- CIO IT Operations: https://www.cio.com/it-operations/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Bleeping Computer: https://www.bleepingcomputer.com/
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.

