CSO Online

Ivanti patches critical Sentry flaws that lead to full device takeover

Two vulnerabilities in the secure mobile gateway appliance allow unauthenticated attackers to bypass authentication and ...
CSO Online

Autonomous AI agents duped into leaking sensitive data in phishing test

Security researchers show email-enabled agents shared AWS keys and CRM exports despite built-in safety prompts.
CSO Online

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

A new CISA directive moves federal agencies beyond severity scores and toward a risk-based patching model that prioritizes ...
CSO Online

Microsoft feud escalates as researcher drops new Windows zero-day

The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has ...
CSO Online

June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’

AI discovery is increasing the count of zero days and other CVEs, so enterprises should prepare for larger Patch Tuesdays in ...
CSO Online

AI red teaming comes of age

As enterprises rush to deploy copilots and autonomous agents, security teams are discovering that testing AI systems requires ...
CSO Online

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
CSO Online

Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks

Claude Fable 5 brings previously restricted Mythos-class AI capabilities to general users with automated guardrails to ...
CSO Online

UK move to filter photos and messages triggers encryption worries for CISOs

Whether or not encrypted data would be put at risk comes down to one unknown: Would this analysis happen solely on the device ...
CSO Online

Enterprises know AI-generated code is vulnerable; they’re shipping it anyway

As AI systems discover and exploit flaws at unprecedented speed, organizations are still deploying software they know ...
CSO Online

AI worm prototype shows attackers don’t need Mythos to take over your network

University of Toronto researchers demonstrate how open-weight local LLMs can be used to autonomously exploit flaws and ...
CSO Online

Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol

Organizations that delayed retiring the legacy IKEv1 VPN protocol are now facing an actively exploited authentication bypass ...