CSO US First Look
The day's top cybersecurity news and in-depth coverage
May 15, 2025
CISA adds the notorious TeleMessage flaw to KEV list
TeleMessage TM SGNL, a version of the Signal messaging app, contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.
Read more
Spain to vet power plantsâ cybersecurity for âgreat blackoutâ cause
The Spanish government is gathering information on the cybersecurity measures of the countryâs small electricity generating companies to assess whether malicious actors exploited them to take down the countryâs electricity grid, according to Financial Times.
Ivanti patches two EPMM flaws exploited in the wild
The vulnerabilities located in third-party open-source libraries impact Ivantiâs mobile device management appliance and can lead to unauthenticated remote code execution.
Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on
Five of the Microsoft 70 vulnerabilities already under attack, and SAP and Zoom flaws are equally critical.
Deepfake attacks are inevitable. CISOs canât prepare soon enough.
Security leaders must develop a multi-layered strategy to defend against deepfake voice and video attacks, which experts expect to increase quickly in volume and effectiveness.
