CSO Online

White House moves to give federal agencies access to Anthropic’s Claude Mythos

The move would allow civilian agencies to access a modified version of Anthropic’s powerful vulnerability‑hunting AI, under ...
CSO Online

Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances

The U.S. tech giant Palo Alto Networks is one of the few companies selected by the AI firm Anthropic to participate in the ...
CSO Online

Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself

New PoC shows how Microsoft Defender can be tricked into rewriting malicious files into protected locations, enabling ...
CSO Online

Cisco Webex SSO flaw needs manual certificate update to fix

The cloud-based Webex service has already been patched, but admins must replace an identity provider certificate in Webex ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
CSO Online

NIST cuts down CVE analysis amid vulnerability overload

The agency will only add enrichment details to CVEs in limited cases going forward, prioritizing known exploited flaws and vaguely defined ‘critical software.’ ...
CSO OnlineOpinion

The endless CISO reporting line debate — and what it says about cybersecurity leadership

It’s 2026 and we’re still arguing about who the CISO reports to. The truth? The chart matters less than whether the CISO has ...
CSO Online

Insurance carriers quietly back away from covering AI outputs

Many insurers have begun to exempt AI workloads from cybersecurity and errors and omissions coverage, saying their outputs ...
CSO Online

Behind the Mythos hype, Glasswing has just one confirmed CVE

As hype builds around Anthropic’s offensive AI model, VulnCheck’s analysis finds just one confirmed CVE tied directly to ...
CSO Online

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
CSO Online

The need for a board-level definition of cyber resilience

Boards are now legally on the hook for cyber resilience, but nobody agrees on what it actually means. It’s time to stop ...