CSO Online

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...
CSO Online

Behind the Mythos hype, Glasswing has just one confirmed CVE

As hype builds around Anthropic’s offensive AI model, VulnCheck’s analysis finds just one confirmed CVE tied directly to ...
CSO Online

Insurance carriers quietly back away from covering AI outputs

Many insurers have begun to exempt AI workloads from cybersecurity and errors and omissions coverage, saying their outputs ...
CSO OnlineOpinion

The endless CISO reporting line debate — and what it says about cybersecurity leadership

It’s 2026 and we’re still arguing about who the CISO reports to. The truth? The chart matters less than whether the CISO has ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
CSO Online

The need for a board-level definition of cyber resilience

Boards are now legally on the hook for cyber resilience, but nobody agrees on what it actually means. It’s time to stop ...
CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities, ...
CSO Online

Anthropic’s Mythos signals a structural cybersecurity shift

Claude Mythos Preview won’t break cybersecurity, but two new analyses shed light on how it is compressing exploit windows and ...
CSO Online

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives ...
CSO Online

Copilot and Agentforce fall to form-based prompt injection tricks

Prompt injection flaws in Microsoft Copilot Studio and Salesforce Agentforce let attackers weaponize form inputs to override ...
CSO Online

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional authentication is incapable of securing AI agents, the company says, as it announces Access Intelligence.
CSO Online

The deepfake dilemma: From financial fraud to reputational crisis

The "familiar voice" test is dead. Now that AI can mimic a CEO in seconds, businesses need to treat every unauthenticated ...