CSO Online

OpenAI responds to White House executive order on AI governance

The company is willing to have its frontier AI models evaluated by federal experts before release, but it wants AI developers ...
CSO Online

Beware the ‘son of Mythos,’ security experts warn

As access to vulnerability discovery tools from Anthropic and OpenAI expands, Infosecurity Europe speakers warn of the next ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
CSO Online

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...
CSO Online

Microsoft wants to put AI agents on a short leash

At Build 2026, Microsoft unveiled a new containment framework for autonomous AI agents, expanded its MDASH vulnerability ...
CSO Online

AI may finally unlock the cyber budgets CISOs have wanted for years

Autonomous AI systems are reshaping enterprise security, creating an unprecedented expansion of risk just as business leaders ...
CSO Online

Two-year old Oracle WebLogic Server vulnerability is being exploited

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.
CSO Online

Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure

As the number of vulnerabilities identified soars, analysts see a patch development bottleneck as the big problem; vendors ...
CSO Online

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

The credential-less authentication bypass offers attackers a stealthy route into enterprise networks without malware, ...
CSO Online

Lessons from the Canvas cyberattack

While these remain useful, the Canvas incident demonstrates that such controls alone do not guarantee operational security ...
CSO Online

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
CSO Online

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...