From the War with Iran front,
- Cybersecurity Dive reports,
- “Threat actors linked to Iran are using artificial intelligence to enhance their cyber and information warfare capabilities, putting the U.S. and its allies at higher risk of asymmetric attack, according to a report released Thursday by Recorded Future.
- “Iran-nexus actors have used generative AI and large language models in a range of activities, including the development of malware, conducting research on industrial control systems, exploiting software vulnerabilities and other uses.
- “There are no indications yet that Iran has developed fully autonomous models, but the country is clearly using AI to accelerate its existing capabilities.
- “AI has not transformed Iran into a fundamentally different cyber power, but it has compressed the distance between intent and action,” Alexander Leslie, senior advisor at Recorded Future, told Cybersecurity Dive.”
From the Project Glasswing front.
- CRN reports,
- “Microsoft’s unprecedented July security update—which potentially includes patches for more than 600 vulnerabilities—is confirmation that ultra-powerful AI models for discovering software flaws are already starting to signal massively bigger challenges in vulnerability management, according to MSP executives.
- “For months, the industry has been watching for indicators that vulnerability discovery capabilities from frontier AI models such as Anthropic’s Claude Mythos would lead to increased CVEs (Common Vulnerabilities and Exposures). While some hints of this had surfaced previously, the hundreds of CVEs that received software patches Tuesday as part of Microsoft’s monthly release of software bug fixes is the clearest sign of this yet, MSP executives told CRN.
- “Estimates of the number of vulnerabilities disclosed by Microsoft during the release, colloquially known as “Patch Tuesday,” have varied but could be above 600, according to TrendAI’s Zero Day Initiative. Dustin Childs, head of threat awareness at TrendAI, counted 621 new Microsoft CVEs for the July security update.
- “The bug apocalypse has fully descended upon us,” Childs wrote in a post.” * * *
- “Microsoft has been among the tech industry vendors that have received access to Anthropic’s Claude Mythos model for the purposes of proactively discovering vulnerabilities in its own products, as part of the Project Glasswing initiative announced in April. Similarly, OpenAI has provided Microsoft with access to its frontier AI vulnerability-discovery models through its Trusted Access for Cyber initiative.”
From the cybersecurity and law enforcement front,
- Cybersecurity Dive reports,
- “The Trump administration on Tuesday [July 14] announced the launch of a program that will coordinate the security community’s use of frontier AI models to rapidly identify and fix vulnerabilities.
- “The vulnerability management clearinghouse, which the administration is calling Gold Eagle, is a response to the skyrocketing number of vulnerabilities that AI models are finding and the strain that that surge is placing on the security community. Through the clearinghouse, the government will coordinate efforts by private companies and independent researchers to scan critical software packages for flaws, fix any flaws that surface and deploy those fixes to end users.” * * *
- “Gold Eagle “has already begun to intake and prioritize identified cybersecurity vulnerabilities from across industries and sectors, coordinate scanning verifications, and ultimately ensure the security of our nation’s software and networks,” the White House said in a statement.
- “The core of the Gold Eagle program is the Vulnerability Information and Coordination Environment (VINCE), which the government is operating in partnership with Carnegie Mellon University’s Software Engineering Institute. The VINCE platform will allow anyone to report vulnerabilities to the Gold Eagle program for triage and mitigation.
- “VINCE will enable “vulnerability and patching coordination at a speed and scale never seen before,” National Cyber Director Sean Cairncross told reporters during a briefing on Tuesday.
- “Gold Eagle will focus heavily on open-source software, whose code underpins a wide range of critical infrastructure but is often poorly scrutinized.”
- Dark Reading adds,
- “Katie Moussouris, founder and CEO of Luta Security as well as a pioneer in vulnerability remediation, tells Dark Reading that the cross-sector vulnerability coordination gap Gold Eagle targets “is real,” as the Known Exploited Vulnerabilities (KEV) catalog, National Vulnerability Database (NVD), and Information Sharing and Analysis Center (ISACs) do not address cross-sector prioritization. And as she has long said, vulnerability management policy problems don’t resolve on their own.
- “The bottleneck was never knowing about more bugs. It was having the people and process to prioritize and fix them and ensure they do not recur,” she says. “Remediation prioritization according to the new BOD 26-04 will take skills and process at each affected organization, by definition, since two and possibly three out of four of the prioritization criteria are subjective and specific per organization.” * * *
- “Moussouris cited CISA’s recent postmortem on its AWS keys being exposed in a public GitHub repository for six months as an example of something that highlights pre-existing process weaknesses at the federal level.” * * *
- Knostic chief AI officer Sounil Yu says that if the government wants to help stakeholders via “frontier AI capabilities,” the most useful application would be something that accelerates the implementation of vulnerability fixes.
- “Finding vulnerabilities proactively has not been the constraint. Even finding a fix or patch has not been a significant constraint. The constraint has traditionally been in implementing the fix wherever the software has been deployed,” he says. “But if you unpack it further, it’s deploying the fix and then recertifying that everything is working as expected.”
- “Similarly, Sachin Jade, chief product officer at Cyware, tells Dark Reading that while AI tools can surface vulnerabilities faster than anyone can currently act on them, there is also a lag in determining which findings are real, prioritizing severity, and developing and deploying a fix.
- “This program is a good start, and we as the industry have to work collectively to sharpen our approaches, increase defense velocity, empower sharing and collective defense, and become proactive in our mindsets,” Jade says.”
- Beckers Health IT asks and answers “Healthcare Security Teams Have More Alerts Than Ever. So Why Is Risk Still Getting Through?”
- “People remain the core of healthcare cybersecurity. When automation handles repetitive work, analysts can focus on meaningful threats, response planning and the gaps most likely to affect the organization.
- “IBM found that organizations extensively using AI and automation in security operations identified and contained breaches 80 days faster and experienced an average of $1.9 million less in breach costs. That does not mean technology replaces experienced professionals. It shows what can happen when they receive better-organized information sooner.
- “The most resilient healthcare organizations will be the ones that can work through data faster, identify what is relevant and act within clear safeguards before a security gap interrupts claims or patient care.”
- Security Week relates,
- “The Department of War has suspended CMMC Phase 2’s mandatory third-party assessment requirement, citing concerns that the assessor ecosystem couldn’t scale to meet demand and that compliance costs were pushing small and mid-sized firms out of the defense industrial base.
- “A newly formed CMMC Reform Task Force will spend 60 days reviewing the program, gathering industry feedback, and reporting recommendations by mid-September.
- Crucially, the pause only affects independent verification, with Phase 1 self-assessment obligations, SPRS score submissions, and the underlying DFARS 252.204-7012 requirement to protect controlled unclassified information (CUI) remaining fully in effect.
- “Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI, warning that self-attestation without verification raises False Claims Act exposure. However, experts are split on whether the fix should be to scope assessments down, automate them, or preserve them largely as-is.”
- Per a July 15, 2026, Cybersecurity and Infrastructure Security Agency (CISA) news release,
- “Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), Japan Computer Emergency Response Team Coordination Center (JPCERT/CC), Netherlands’ National Cyber Security Centre (NCSC-NL), and United Kingdom’s National Cyber Security Centre (NCSC-UK), published Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers.
- “This guidance helps software manufacturers and online service providers collaborate effectively with security researchers who identify weaknesses in software, networks, and hardware in a structured, transparent framework. A well-defined coordinated vulnerability disclosure (CVD) program enables software manufacturers and online service providers to better assess potential risk, improve their vulnerability management processes, and make informed decisions that improve product security for their customers.
- “Coordinated vulnerability disclosure is foundational to building a secure software ecosystem. The practices in this guide help protect customers, strengthen products and support CISA’s Secure by Design initiative, which encourages companies to be transparent and responsible in how they build and maintain their technology,” said Acting Executive Assistant Director for Cybersecurity Chris Butera. “CISA encourages suppliers to establish a coordinated vulnerability disclosure program and build constructive, collaborative relationships with security researchers to enhance product security.”
- Cyberscoop tells us
- “A total of eight cyber personnel have served in a program that began in 2022 to rotate workers between federal agencies to bolster the workforce, a watchdog report said Thursday.
- “Over the life of the Federal Rotational Cyber Workforce program that effectively went away last year, 13 agencies offered 106 positions and received 634 applications, according to the Government Accountability Office. Eight workers won approval to participate.
- “The goal of the Office of Personnel Management-led program, established by bipartisan legislation, was that “participating employees develop knowledge and skills that they can bring back to their home agencies,” as the GAO noted.
- “OPM evaluated possible shortcomings in implementing the program in late 2024 and developed plans for improving it, but never followed up on them, the GAO said. As of next summer the program will officially end, OPM said.”
- and
- “A pair of young men were sentenced to 66 months in jail for committing acyberattack on the Transport for London that brought the network’s operations to a standstill in 2024, the United Kingdom’s National Crime Agency said Thursday [July 16].
- “Thalha Jubair and Owen Flowers were arrested at their homes in September 2025, barely a year after the attack, and pleaded guilty last month just as their trials were set to begin. Flowers was previously arrested in connection with the attack in September, but was released after questioning by officers.
- “Jubair and Flowers were leading members and highly involved in Scattered Spider, a nebulous hacker subset of The Com, according to researchers. The 20-year-old Jubair was a prolific cybercriminal and core member of the unbound collective.
- “U.S. authorities last year accused Jubair of direct, prominent involvement in at least 120 cyberattacks, including extortion of 47 U.S.-based organizations and the January 2025 attack on the federal court system.
- Beckers Health IT identified 11 cases from a Federal crackdown on hospital hackers.
- “Federal authorities are intensifying their pursuit of the cybercriminals behind hospital and healthcare ransomware attacks, bringing charges against ransomware developers, state-sponsored hackers and even insiders from the cybersecurity industry.
- “The latest move came July 14, when the Justice Department indicted three Russian nationals and two “bulletproof hosting” companies tied to $62 million in U.S. victim losses. The action is part of Operation Riptide, the FBI’s ongoing campaign against cybercrime infrastructure, after Americans reported more than $20 billion in cybercrime losses last year, a 26% single-year increase.”
From the cybersecurity breaches and vulnerabilities front,
- HIPAA Journal posted its May 2026 Healthcare Data Breach report last Tuesday.
- “Based on the current data on the HHS’ Office for Civil Rights (OCR) breach portal, 61 healthcare data breaches affecting 500 or more individuals were reported in May 2026. May’s current total represents a 27.1% month-over-month increase in data breaches. Over the past 12 months, an average of 64 large healthcare data breaches were reported each month.”
- MedTech Dive reports,
- “Abbott disclosed on Thursday [July 16] that a cyberattack hit its cancer diagnostics business.
- The medical device company said in a statement posted to its websitethat there was unauthorized access to a limited number of internal systems in its cancer diagnostics business. There was no impact on other Abbott businesses, sites or systems.
- Abbott’s cancer diagnostics business includes Exact Sciences, which the company acquired in a $21 billion deal earlier this year. The legacy Exact Sciences systems are separate from Abbott’s, according to the statement.
- Beckers Health IT relates,
- “A cyberattack on New Jersey law firm Greenbaum Rowe Smith & Davis has exposed data on 12,801 patients across three health systems in the state.
- “Greenbaum discovered unauthorized access to its systems through a compromised user account in November 2025 and traced the intrusion to Nov. 25-27, 2025, according to the firm’s notification. Affected organizations include Edison, N.J.-based Hackensack Meridian Health, Morristown, N.J.-based Atlantic Health and Trinitas Regional Medical Center in Elizabeth, N.J., part of West Orange, N.J.-based RWJBarnabas Health.
- “An investigation completed in April found an unauthorized third party accessed patient names, addresses, medical record numbers, medical history, provider details, medical bill amounts and health insurance information. For a subset of individuals, Social Security numbers or dates of birth also were exposed, Greenbaum said.”
- Bleeping Computer tells us,
- “Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel.
- “According to the company, support tickets submitted through the platform may have included documents containing client tax information.
- “Ernst & Young (EY) is among the world’s four largest auditing and professional services providers, offering auditing, tax, consulting, and transaction advisory services to major organizations in more than 150 countries.” * * *
- “Ernst & Young says it secured its systems and notified federal law enforcement authorities, while it has assured that the unauthorized access has been removed.
- “The company also states that it is not aware of any misuse or further exposure of the stolen files and has no indication that particular individuals were targeted by the threat actors.”
- CISA added ten known exploited vulnerabilities to its catalog this week.
- July 13, 2026
- CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability
- Security Affairs discusses this KVE here.
- CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability
- July 14, 2026
- CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
- CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability
- CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
- CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
- July 15, 2026
- CVE-2023-4346 KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
- CVE-2026-46817 Oracle E-Business Suite Improper Privilege Management Vulnerability
- The Hacker News discusses these KVEs here.
- July 16, 2026
- CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability
- CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability
- CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- July 13, 2026
- The American Hospital Association News adds,
- “The Cybersecurity and Infrastructure Security Agency has issued an alert warning of four Microsoft SharePoint vulnerabilities being exploited by cyber threat actors. CISA said the vulnerabilities affect all supported on-premises versions of SharePoint Server, including the Subscription Edition, 2019 and 2016. Threat actors can establish remote code execution and perform other actions to deploy malware. CISA said organizations should monitor SharePoint Servers closely for any signs of exploitation or unusual activity. An additional vulnerability was found, but it is not yet known to have been exploited. Microsoft identified it as a potential risk if it is left unpatched. CISA urged organizations to apply the latest patches and security updates from Microsoft, among other recommendations.
- “Nearly everyone using Microsoft products is using SharePoint, the backbone of the Office suite,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Hospitals with their SharePoint instances housed on premises should pay particular attention to this alert. The common vulnerabilities and exposures listed in the report have patches available, and they should be deployed as soon as possible. Hospitals should also verify that the security measures mentioned are in place.”
- and
- “The Cybersecurity and Infrastructure Security Agency and other U.S. and international agencies released a joint advisory July 13, warning of Russian cyber actors targeting vulnerable network devices, primarily routers, in critical infrastructure sectors globally, including healthcare. The advisory details how the threat actors primarily use scanning to identify poorly configured devices for exploitation. The actors then exfiltrate sensitive information and facilitate malicious activity. The advisory includes recommendations to help defend against potential threats.
- “This malicious cyber activity has been attributed to the Russian Federal Security Bureau, a foreign intelligence agency of the Russian government,” said John Riggi, AHA national advisor for cybersecurity and risk. “Therefore, this represents an advanced and persistent cyber threat targeting U.S. healthcare that should be prioritized. The first step in mitigating this threat and other nation-state cyber threas is to install the latest network router encryption standard, Simple Network Management Protocol v3.”
- Cybersecurity Dive tells us,
- “Businesses should be on guard for a hacking campaign in which attackers spoof OAuth client IDs to collect information about targets’ user directories, the security firm Proofpoint said on Monday.
- “The security firm said it had observed “multiple campaigns at scale abusing spoofed OAuth application identifiers, with distinct tooling, infrastructure, and execution patterns indicating independent adoption by multiple threat actors.”
- “The report explains how organizations should monitor their networks for this reconnaissance technique.”
- Cyberscoop points out,
- “Cyberstalkers are increasingly exploiting a feature in Google Chrome meant for mobile phone user convenience, but can give intruders broad access to a device owner’s private information, according to researchers.
- “Certo Software said in a blog post Tuesday that stalkers are making use of Chrome’s sync capability — meant to make it so signing into Chrome on one device makes it easier to do so on other devices, too — to spy on a phone owner’s browsing history and gain access to their stored passwords.”
- Bleeping Computer adds,
- “A flaw in Anthropic’s Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude’s access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.
- ‘The issue was discovered by Ax Sharma of Manifold Security, who says it stems from how the Claude extension determines whether a user intentionally requested one of its built-in tasks.
- “Chrome extensions with permission to run on a website can inject JavaScript into the page, allowing them to read and modify its contents. This includes changing page elements, reading information displayed on a site, and generating click and keyboard events programmatically.
- “According to Manifold’s report, the Claude extension listens for click events on a specific page element that launches one of its built-in AI workflows. These workflows are predefined tasks that allow Claude to perform actions in connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.”
From the ransomware front,
- Cybersecurity Dive reports,
- “Coca-Cola on Thursday said it is investigating a ransomware attack that impacted its Fairlife dairy unit and has suspended production at the company’s U.S. production facilities.
- “In a filing with the Securities and Exchange Commission, the company said it trying to determine the full scope of the attack and what impact it might have on its business. Coca-Cola said the attack has had no effect on the quality and safety of its Fairlife products, which include ultra-filtered, lactose-free milk as well as protein and nutritional shakes.”
- Per a Sophos news release,
- “This year’s data has a few eyebrow-raising departures from the patterns of past State of Ransomware reports. Exploited vulnerabilities lost their three-year grip on the top root-cause spot. Median ransom demands and payments both dropped, yet the average recovery bill still climbed. And small organizations (100-250 employees) are falling further behind their larger peers on the one metric that matters most: stopping the attack before data gets encrypted.
- “The seventh annual Sophos State of Ransomware report is based on a vendor-agnostic survey of 2,158 IT and security leaders whose organizations were hit by ransomware in the last 12 months.
- “Click here to access the full report now.”
- Dark Reading adds,
- “According to Sophos’ survey, malicious email (26%) and phishing (24%) dethroned the three-year reign of vulnerabilities (18%, down from 32%) as the top root cause of ransomware attacks. Two-thirds (67%) of victims also said the ransomware attack they suffered was their most significant identity attack over the past year.
- “With phishing and malicious email now accounting for half of all ransomwareroot causes in this report, organizations should deploy advanced email filtering, implement DMARC/DKIM/SPF protocols, and invest in regular phishing awareness training,” Sophos said. “The shift toward email-based attacks suggests that technical vulnerability patching alone is insufficient.”
- “The third most common root cause of ransomware attacks was also identity related, with compromised credentials used in 23% of cases. This is particularly significant because of one of the most startling findings: Multifactor authentication (MFA) was deployed for 97% of instances where compromised credentials were the root cause of ransomware attacks.” * * *
- While staying patched remains important as always, it appears the fight against ransomware is moving from patch management to identity protection.
- “Organizations should prioritize identity threat detection and response (ITDR), enforce multifactor authentication across all access points, and regularly audit both human and non-human identity credentials,” Sophos said. The vendor stopped short of recommending a specific type of MFA, suggesting the biggest failure wasn’t MFA itself but rather incomplete deployment or perhaps a lack of comprehensive inventorying.”
- InfoSecurity Magazine lets us know,
- “The number of ransomware attacks which target government departments and agencies has risen to the extent that one has its services restricted by encryption every single day.
- “The figure comes from analysis by researchers at Comparitech, who studied ransomware incidents which targeted government entities between January and June 2026.
- The research, published on July 16, recorded that 187 government organizations were hit with ransomware during the first six months of 2026. That represents a 13% increase on the 165 ransomware attacks recorded during the second half of 2025.
- “The increase in recorded ransomware events is notable because the figure of 187 incidents across 182 days means that the average number of ransomware attacks against government bodies now stands at an average of one every day.
- “Of those 187 recorded incidents, just over half (89) were publicly confirmed by the organization which was hit.”
- Bleeping Computers warns
- “A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.
- “The attack occurred in June and breached an IT services firm in South Asia after compromising an Internet Information Services (IIS) server exposed on the public web.” * * *
- “Symantec’s report provides network indicators and file hashes associated with the documented Spirals attack to help organizations worldwide set up defenses against this threat group.”
From the cybersecurity business and defenses front,
- The Wall Street Journal reports
- “Cybersecurity mergers and acquisitions reached 219 in the first half of 2026, putting the sector on track to surpass last year’s 400 deals.
- “The rush to acquire artificial-intelligence capabilities is driving the surge in cybersecurity dealmaking.
- “Technology and cybersecurity companies accounted for 88% of disclosed cyber acquisition spending in the first half of the year.”
- Cybersecurity Dive relates,
- “Enterprise security teams are incorporating AI into their programs at a faster rate than ever before, but a significant gap exists in the governance policies that are designed to support that expansion, according to a report released Monday by the SANS Institute.
- “Four out of 10 security practitioners said there is no formal policy in their organization for AI adoption, according to the report. More than six of 10 practitioners said they have no visibility into where AI models are being used or what kind of information is being exposed.
- “About 75% of security practitioners have a governance role related to enterprise AI, yet more than half of respondents said there are no established frameworks for AI audits, the report showed.”
- Dark Reading adds,
- “Having completed its $32 billion acquisition of Wiz earlier this year, Google is fulfilling its plan to automate threat detection, investigation, and remediation with a new “agentic defense” platform built around intelligent security agents.
- “Wiz, founded in 2020, quickly became one of the fastest-growing cloud security companies by introducing graph-based analysis to correlate cloud assets, identities, vulnerabilities, and exposures across multicloud environments. The acquisition gives Google a cloud-native security platform that supplements its existing artificial intelligence (AI), threat intelligence, and incident response features.
- “On Monday [July 13], Google revealed it had integrated Wiz attack surface management (ASM) and Google Threat Intelligence (TI). When Wiz ingests posture and workload telemetry from Google Cloud, it enriches detections in real time with Google TI and pushes prioritized exposure data directly into SecOps playbooks and cases, enabling SOC teams to investigate and respond to cloud‑native risks without switching between tools.
- “The integration builds on Google’s AI Threat Defense, launched in May, and other automation capabilities that combine Gemini with Wiz’s scanning, simulation, and remediation to counter AI-powered threats. It leverages the reasoning capabilities of its Gemini AI modeling platform and other frontier models alongside Wiz’s contextual risk prioritization capabilities. Google AI Threat Defense uses Gemini’s code remediation features and CodeMender, along with expertise from Mandiant.”
- Cyberscoop notes,
- “As AI-enabled hacking becomes a bigger threat for cybersecurity and national security, public attention has focused on mainly a few leading frontier AIcompanies developing more powerful large language models.
- “These models, and the billions of dollars behind them matter, but they’re only part of a larger shift. Enterprises are now building their own technology platforms that take these general-purpose LLMs and turn them into bespoke cybersecurity tools.
- “Industry professionals refer to these tools as a “harness.” They control the model’s behavior, limit its risks, and connect it to internal IT systems and networks so it can work reliably at scale.
- “New research from Cato Networks shared exclusively with CyberScoop shows how much power can come from a harness. It paired OpenAI’s ChatGPT 5.5 and GPT 5.5-Cyber models with its own tool and tested the abilities of the agent to hack into a victim network with as little human direction as possible.” * * *
- “Dan Rapp, chief AI and data officer at Proofpoint, said their harness, “Satori,” has become a critical tool for keeping their agentic AI on track while giving humans the ability to step in when things go awry.
- “I think what you’re seeing in the foundation of frontier models is you have raw intelligence, raw reasoning power, but to get these systems to perform the way you want to, both context engineering – the content provided ensuring that its accurate and relevant – and the harness engineering are essential to actually get the systems to perform well,” Rapp told CyberScoop.”
- Dark Reading explains how to “Manage Vendor Risk in a Few Practical Steps.”
- “Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance.”
- Tech Target highlights “Multifactor authentication: 5 examples and strategic use cases.”
- “Before implementing MFA, conduct a careful study to determine which security factors offer the strongest protection. Passwords and PINs aren’t cutting it any longer.”
- Here’s a link to Dark Reading’s CISO Corner.
