CSO Online

AI may finally unlock the cyber budgets CISOs have wanted for years

Autonomous AI systems are reshaping enterprise security, creating an unprecedented expansion of risk just as business leaders ...
CSO Online

Lessons from the Canvas cyberattack

While these remain useful, the Canvas incident demonstrates that such controls alone do not guarantee operational security ...
CSO Online

Microsoft wants to put AI agents on a short leash

At Build 2026, Microsoft unveiled a new containment framework for autonomous AI agents, expanded its MDASH vulnerability ...
CSO Online

Two-year old Oracle WebLogic Server vulnerability is being exploited

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.
CSO Online

Trump revives parts of canceled AI order with cybersecurity-focused directive

Less than two weeks after canceling a broader AI executive order, the White House issued a directive focused on cybersecurity ...
CSO Online

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...
CSO Online

Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure

As the number of vulnerabilities identified soars, analysts see a patch development bottleneck as the big problem; vendors ...
CSO Online

HP Poly VoIP vulnerability sets the stage for executive voice deepfakes

The remote code execution flaw enables root access and voice attacks on HP Poly VoIP phones, including eavesdropping and the ...
CSO Online

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

The credential-less authentication bypass offers attackers a stealthy route into enterprise networks without malware, ...
CSO Online

7 tabletop exercise mistakes that sabotage incident response

Tabletop scenarios offer the opportunity to test incident response playbooks and develop decision-making skills, but only ...
CSO Online

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to ...
CSO Online

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...