CSO Online

Patch windows collapse as time-to-exploit accelerates

AI and the industrialization of cybercrime are helping attackers double the number of high- and critical-severity known ...
CSO Online

Weak at the seams

We’ve spent billions on security tools, but we’re still falling behind because our systems are too tightly coupled. One tiny ...
CSO Online

New ClickFix variant bypasses Apple safeguards with one‑click script execution

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
CSO Online

Yael Nardi joins Minimus as Chief Business Officer to drive hyper-growth

Minimus, a provider of hardened container images and secure container images designed to reduce CVE risk, today announced the ...
CSO Online

Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites

Operational disruptions and financial losses have already been reported, and six federal agencies say the campaign is ongoing ...
CSO Online

The tabletop exercise grows up

The tabletop is ready to grow up. Whether your program is ready to grow with it depends less on the technology than on your ...
CSO Online

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

By altering DNS settings on vulnerable devices, Forest Blizzard redirects users to malicious infrastructure to capture ...
CSO Online

Questions raised about how LinkedIn uses the petabytes of data it collects

A European company selling browser extensions that leverage LinkedIn data is accusing the Microsoft unit of using its data to ...
CSO Online

What Anthropic Glasswing reveals about the future of vulnerability discovery

A closed consortium including tech giants and top security vendors gets early access to a model Anthropic says can ...
CSO OnlineOpinion

LLM-generated passwords are indefensible. Your codebase may already prove it

Stop letting AI pick your passwords. They follow predictable patterns instead of being truly random, making them easy for ...
CSO Online

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

The open-source project maps directly to OWASP’s top 10 agentic AI threats, aiming to curb issues like prompt injection, ...