The Top CISO Stories from Around the Web: July
In this month’s round-up, discover why CISOs are burning out under impossible pressure, how AI is shaking up cybersecurity on both sides of the fight, and why the human factor remains the biggest vulnerability, one that even the strongest defenses can’t ignore.
Why CISOs are burned out and what we can do about it
Source: The Chanel Co, UK
Our CISO Advisor, Rinki Sethi, sheds light on the growing burnout among CISOs, driven not just by workload but by a deep disconnect between responsibility and authority. She highlights how security leaders are expected to manage business-wide risk without the influence, clarity, or resources to do it effectively. This is not a personal failing but a systemic issue that requires cultural, structural, and leadership-level change. Her message is a call to rethink how we define, support, and sustain security leadership.
AI-powered attacks rise as CISOs prioritize AI security risks
Source: Cybersecurity Dive
AI is shaking up cybersecurity in a big way. One in four CISOs faced AI-powered attacks last year, pushing AI risks to the top of their watchlists. These sneaky threats mimic human behavior so well that they slip past traditional defenses, leaving security teams scrambling to lock down their own AI tools and keep employee use in check. But here is the twist: CISOs are not just on defense. They are eager to put AI on offense, betting it will revolutionize security tasks like SOC monitoring, penetration testing, and threat modeling. With nearly 70 percent of companies already using AI agents, many built in-house, cybersecurity is rapidly evolving into an AI-driven battleground where risks and opportunities collide.
CISA warns hackers are actively exploiting critical CitrixBleed 2
Source: Tech Radar
A new critical threat is shaking up federal and enterprise security teams: CitrixBleed 2. Discovered just weeks ago, this vulnerability (CVE-2025-5777) is already being actively exploited to steal sensitive data like session tokens and credentials from unpatched Citrix NetScaler ADC and Gateway devices. The flaw, caused by poor input validation, allows attackers to extract memory contents without even needing to log in. CISA isn’t taking any chances: it added the bug to its Known Exploited Vulnerabilities catalog and gave federal agencies just 24 hours to patch, instead of the usual 21 days. With major firms observing a spike in scanning activity, this is a red-alert moment for CISOs to ensure their systems are secured before attackers strike.
The CISO’s challenge: Getting colleagues to understand what you do
Source: CSO Online
CISOs carry significant responsibility for cybersecurity but frequently lack the authority to match, leading to confusion about their role within organizations. Their duties vary widely based on the company’s cybersecurity maturity, ranging from technical problem-solving to strategic leadership. This inconsistency creates misunderstandings, misaligned expectations, and potential legal risks. Because formal power is often limited, successful CISOs define their own roles, tailor communication to different stakeholders’ priorities, build trust through collaboration, and focus on enabling risk management across the business rather than trying to control every decision. Clear role definition and strong relationships are essential for CISOs to effectively protect their organizations.
Qantas attack reveals one phone call is all it takes to crack cybersecurity’s weakest link: humans
Source: The Guardian
The Qantas cyberattack exposed the personal data of up to 6 million customers after hackers used a social engineering tactic known as vishing, a phone-based scam targeting an offshore IT call center. By impersonating staff, the attackers gained access to a third-party system despite existing security measures. This breach highlights how even sophisticated cybersecurity defenses can be bypassed through human manipulation. It underscores the urgent need for stronger controls and training around third-party access and social engineering risks.