CSO Online

Top techniques attackers use to infiltrate your systems today

Popular tool abuse, ClickFix, and identity-based attacks are among the most prevalent techniques bad actors are deploying ...
CSO Online

Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise ...

Microsoft details a cross-tenant social engineering technique that tricks employees into granting remote access and enables ...
CSO Online

Hackers exploit Vercel’s trust in AI integration

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a ...
CSO Online

CISOs reshape their roles as business risk strategists

The AI era has accelerated the need for CISOs to function as key risk management players across the business. Here’s how to ...
CSO Online

White House moves to give federal agencies access to Anthropic’s Claude Mythos

The move would allow civilian agencies to access a modified version of Anthropic’s powerful vulnerability‑hunting AI, under ...
CSO Online

Behind the Mythos hype, Glasswing has just one confirmed CVE

As hype builds around Anthropic’s offensive AI model, VulnCheck’s analysis finds just one confirmed CVE tied directly to ...
CSO Online

Cisco Webex SSO flaw needs manual certificate update to fix

The cloud-based Webex service has already been patched, but admins must replace an identity provider certificate in Webex ...
CSO Online

Another Microsoft Defender privilege escalation bug emerges days after patch

New PoC shows how Microsoft Defender can be tricked into rewriting malicious files into protected locations, enabling ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
CSO Online

The deepfake dilemma: From financial fraud to reputational crisis

The "familiar voice" test is dead. Now that AI can mimic a CEO in seconds, businesses need to treat every unauthenticated ...
CSO Online

Insurance carriers quietly back away from covering AI outputs

Many insurers have begun to exempt AI workloads from cybersecurity and errors and omissions coverage, saying their outputs ...
CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities, ...