CSO Online

Claude in Chrome is taking orders from the wrong extensions

Security researchers warn that Anthropic’s Claude in Chrome extension can be abused by malicious extensions that exploit ...
CSO Online

Iranian state-backed spies pose as ransomware slingers in false flag attacks

MuddyWater is muddying the waters of incident response with a ruse to cover data exfiltration and cyber-sabotage, according ...
CSO Online

Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile

The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
CSO Online

Ollama vulnerability highlights danger of AI frameworks with unrestricted access

Dubbed Bleeding Llama, the flaw gives attackers direct access to sensitive data stored in the most popular framework for ...
CSO Online

Pen tests show AI security flaws far more severe than legacy software bugs

Penetration tests of AI systems expose significantly higher severe-flaw density when compared to legacy apps. New attack ...
CSOonline

Critical Palo Alto Networks software bug hits exposed firewalls

A critical PAN-OS vulnerability affecting the User-ID Authentication Portal is being actively exploited to achieve unauthenticated remote code execution with root privileges on exposed firewalls. Palo ...
CSO Online

Poisoned truth: The quiet security threat inside enterprise AI

Enterprise AI systems can be corrupted through data poisoned by accident, adversaries, or bad hygiene. Most organizations ...
CSOonline

Bots in translation: Can AI really fix SIEM rule sprawl across vendors?

Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query ...
CSO Online

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...