Beware the ‘son of Mythos,’ security experts warn
LONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to t...
CSO Online
20 articles
Hole in GitHub’s browser-based VSCode editor could lead to stolen token
A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The is...
Enterprise Spotlight: Rethinking cloud strategy in the age of AI
Cloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and ...
Microsoft wants to put AI agents on a short leash
As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from ...
AI may finally unlock the cyber budgets CISOs have wanted for years
For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state i...
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when?
Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure
Anthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular fo...
Two-year old Oracle WebLogic Server vulnerability is being exploited
US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could all...
HP Poly VoIP vulnerability sets the stage for executive voice deepfakes
HP has released patches for a critical buffer overflow vulnerability in multiple IP-enabled conference phones from its Poly Voice line. The flaw allows unaut...
Trump revives parts of canceled AI order with cybersecurity-focused directive
US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation betw...
Infected Red Hat npm packages expose developer credentials
Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers ...
Attackers exploit Palo Alto GlobalProtect flaw days after disclosure
A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild...
Attack targeting OpenAI Codex users exposes AI software supply chain risks
A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published c...
7 tabletop exercise mistakes that sabotage incident response
Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their prepa...
Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’
Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that ...
Flowise’s MCP implementation can run ghost commands
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Research...
6 critical security gaps every CISO must address
CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISO...
Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations
>The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measura...
Russia-aligned crime group Greyvibe extensively uses AI in attacks
Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, g...
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cyber...