CSO Online

Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines

High-tech AI dashboards are just expensive illusions if they ignore the unpatched legacy tech that keeps your entire ...
CSO Online

Identity as the primary attack surface: What modern breaches are really exploiting

Hackers aren't breaking through firewalls anymore; they are just logging in with stolen credentials, meaning your identity ...
CSO Online

Google folds CodeMender into agent ecosystem amid push for AI-led AppSec

Expansion beyond autonomous patching reflects growing emphasis on orchestration, governance, and enterprise trust ...
CSO Online

Microsoft patches two zero-day flaws in Defender

CISA has added the Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform vulnerabilities to its KEV ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
CSO Online

Microsoft releases open-source tools to operationalize AI agent safety

Rampart turns red-team findings into repeatable tests; Clarity documents and validates agent design assumptions before code ...
CSO Online

AI becoming an SOC imperative for curtailing emerging cyber threats

Security experts urge cyber leaders to evolve their operations from reactive monitoring to autonomous, real-time protection.
CSOonline

Critical vulnerability in Cisco Secure Workload rated at maximum severity

A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise ...
CSO Online

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...
CSO Online

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today ...