CSO Online

Max-severity RCE flaw found in Google Gemini CLI

Security researchers warn that a vulnerability in the widely used Gemini CLI could allow remote code execution in CI/CD ...
CSO Online

ODNI to CISOs on threat assessments: You’re on your own

The 2026 Annual Threat Assessment from the ODNI marks a departure from systemic state-actor tracking, signaling that the ...
CSO Online

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
CSO Online

Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to ...
CSO OnlineOpinion

Stopping the quiet drift toward excessive agency with re-permissioning

Treating AI agents like "harmless helpers" is a disaster in the making. If you don't audit their access now, your automation ...
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
CSO Online

AWS leans on prior ingenuity to face future AI and quantum threats

Amazon Web Services has launched numerous security innovations in its first two decades. Three in particular will play key ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
CSO Online

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Targeting high-precision floating-point arithmetic operations in engineering modeling software, Fast16 may now be the ...
CSO Online

What CISOs need to get right as identity enters the agentic era

Dustin Wilcox, senior VP and CISO at S&P Global, and Michael Adams, Docusign CISO, share advice for CISOs on securing the ...
CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...