CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...
CSO Online

What CISOs need to get right as identity enters the agentic era

Dustin Wilcox, senior VP and CISO at S&P Global, and Michael Adams, Docusign CISO, share advice for CISOs on securing the ...
CSO Online

Microsoft patched an ‘agent-only’ role that was not

A mis-scoped Agent ID Administrator role in Entra ID allowed users to take ownership of unrelated service principals, ...
CSO Online

The ‘manager of agents’: How AI evolves the SOC analyst role

AI isn't taking over the SOC; it’s turning analysts into "managers of agents" who oversee automated investigations instead of ...
CSO Online

Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor

Admins are being warned by cyber experts from the US and UK that this is part of continuing campaign to crack Cisco firewalls ...
CSO Online

AI is reshaping DevSecOps to bring security closer to the code

Accelerated use of AI in software development is rapidly altering the scope, skills, and strategies involved in securing code ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
CSO Online

Microsoft taps Anthropic’s Mythos to strengthen secure software development

Microsoft plans to integrate Anthropic’s Mythos AI model into its Security Development Lifecycle, a move that suggests ...
CSO Online

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
CSO Online

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Patching is not enough: applications embedding the insecure library will need to be rebuilt, and affected tokens and cookies ...
CSO Online

The curious case of Sean Plankey’s derailed CISA nomination

Sean Plankey backed out of his CISA director nomination, but why he faced resistance is not a straightforward story.
CSO Online

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

The AI exposed hundreds of bugs in Mozilla’s web browser, raising hopes around defensive advantage, alongside fears of ...