DNS-AID will make AI agents easier to discover, says Linux Foundation
As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent ...
CSO Online
20 articles
Certifiably random: Swiss researchers claim perfect random number source
Researchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some softw...
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s...
The Gentlemen are coming for your files, and then your network
Ransomware operators have spent years refining the art of locking files. Now, some are working harder to get those lockers to every reachable system first.
Cybersecurity trends in SEC filings
In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybe...
GDPR set the tone for regulatory action — and the AI fine pushback to come
Big tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulat...
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But op...
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secur...
Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours
India’s cybersecurity agency, CERT-In, has urged organizations to patch, mitigate, or isolate known exploited vulnerabilities affecting internet-facing “crow...
GlassWorm falls, but the repo problem is far from solved
Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers.
The AI governance imperative you can’t afford to ignore
CIOs rushing to roll out AI agents without real visibility into their decision-making processes are flirting with disaster. According to AI experts, deployin...
What the industrialization of exploitation means for defenders
For decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders.
Employees are unknowingly inviting tech support impersonators into firms, says FBI
Online or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that...
Another IT governance headache: AI-enabled sanction evasion
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries ...
AI models more vulnerable than claimed when faced with iterative attacks
CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are...
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, t...
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at ident...
DSPM buyer’s guide: Top 10 data security posture management tools
Data security posture management (DSPM) explained Data security posture management (DSPM) tools help security teams examine their entire data environment to ...
Microsoft previews automatic device isolation in Defender for Endpoint
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cybe...
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD ...