CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
CSO Online

AWS leans on prior ingenuity to face future AI and quantum threats

Amazon Web Services has launched numerous security innovations in its first two decades. Three in particular will play key ...
CSO Online

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Targeting high-precision floating-point arithmetic operations in engineering modeling software, Fast16 may now be the ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...
CSO Online

AI is reshaping DevSecOps to bring security closer to the code

Accelerated use of AI in software development is rapidly altering the scope, skills, and strategies involved in securing code ...
CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...
CSO Online

The ‘manager of agents’: How AI evolves the SOC analyst role

AI isn't taking over the SOC; it’s turning analysts into "managers of agents" who oversee automated investigations instead of ...
CSO Online

Securing RAG pipelines in enterprise SaaS

Connecting an LLM to your proprietary data via RAG is a massive liability; without document-level access controls, your AI is ...
CSO Online

Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor

Admins are being warned by cyber experts from the US and UK that this is part of continuing campaign to crack Cisco firewalls ...
CSO Online

Microsoft patched an ‘agent-only’ role that was not

A mis-scoped Agent ID Administrator role in Entra ID allowed users to take ownership of unrelated service principals, ...
CSO Online

New US House privacy bills raise hard questions about enterprise data collection

The SECURE Data Act and GUARD Financial Data Act are unlikely to pass, but they preview the privacy fights CIOs, CISOs, and ...