Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

How QR code attacks work and how to protect yourself
While QR codes are convenient, they also present significant risks. In the past few years, cybercriminals have increasingly turned to these codes as a tool to carry out scams.

The CISO’s bookshelf: 10 must-reads for security leaders
Discover essential reads for CISOs in this curated list of books covering cybersecurity leadership, risk management, zero trust, board communication, and more.

Can AI-powered gamified simulations help cybersecurity teams keep up?
Traditional training often lacks the hands-on experience cybersecurity teams need to counter advanced threats. AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance their skills.

AI threats and workforce shortages put pressure on security leaders
In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills.

Why multi-cloud security needs a fresh approach to stay resilient
As enterprises expand their multi-cloud strategies to drive agility and scalability, CISOs must prioritize cyber resilience across diverse cloud platforms. The complexities of securing multi-cloud environments demand innovative solutions to maintain a strong security posture.

Scammers take over social media
In this Help Net Security video, Luis Corrons, Security Evangelist at Gen, discusses a new Gen report that highlights a troubling trend: social media has become a prime target for cybercriminals, who are leveraging AI-driven scams, malvertising, and phishing tactics to exploit users at scale.

CISO vs. CIO: Where security and IT leadership clash (and how to fix it)
The dynamic between CISOs and CIOs has always been complex. While both roles are essential to an organization’s success, their priorities often put them at odds.

Why a push for encryption backdoors is a global security risk
Governments in the UK, US, and Europe are pressuring tech companies to weaken encryption in the name of security. The latest push from the UK government demanding Apple create a backdoor to encrypted iCloud data is just one example, one that should alarm privacy advocates, businesses, and governments.

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation
In this Help Net Security interview, Matthew Darlage, CISO at Citizens, discusses key strategies for strengthening cyber resilience in banks.

Innovation vs. security: Managing shadow AI risks
In this Help Net Security video, Tim Morris, Chief Security Advisor at Tanium, shares practical best practices to help organizations balance innovation and security while leveraging AI.

Review: The Chief AI Officer’s Handbook
The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for Chief AI Officers (CAIOs), offering guidance on defining their role and executing AI-driven business strategies.

Online crime-as-a-service skyrockets with 24,000 users selling attack tools
The growth of AI-based technology has introduced new challenges, making remote identity verification systems more vulnerable to attacks, according to iProov.

Commix: Open-source OS command injection exploitation tool
Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities, streamlining security assessments for researchers and ethical hackers.

The 5 stages of incident response grief
Whether we recognize it or not, anytime an incident occurs, it sets off the grieving process. But grief isn’t a bad thing: it’s how we process our emotional reactions and move on.

Fix Inventory: Open-source cloud asset inventory tool
Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts.

Prioritizing data and identity security in 2025
For both businesses and individuals, the need for stronger data protection has never been clearer—but many aren’t sure where to begin.

89% of enterprise AI usage is invisible to the organization
Organizations have zero visibility into 89% of AI usage, despite security policies according to a LayerX report.

How to prevent data leakage in collaboration tools like Slack and Teams
In recent years, collaboration tools have become an absolute necessity for remote and hybrid work. This primarily increased during the COVID-19 pandemic due to the impossibility of communicating in person. So, tools like Slack, Microsoft Teams, and Zoom surged in popularity, enabling employees to stay connected despite physical distances.

Cybersecurity jobs available right now: March 4, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field, with opportunities available both in the USA and around the world. Check out this weekly selection of cybersecurity jobs available right now.

eBook: What does it take to be a full-fledged virtual CISO?
This eBook provides answers gleaned from some of the best vCISOs in the world – people who have successfully scaled their vCISO services without adding personnel or expensive infrastructure. It explains the minimal requirements for a vCISO practice.

New infosec products of the week: March 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype.