CSO Online

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent ...
CSOonline

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
CSO Online

Max-severity RCE flaw found in Google Gemini CLI

Security researchers warn that a vulnerability in the widely used Gemini CLI could allow remote code execution in CI/CD ...
CSO Online

Windows shell spoofing vulnerability puts sensitive data at risk

A flaw remaining after the February patch of a zero day is already being exploited, and slow patch cycles in both government ...
CSO Online

ODNI to CISOs on threat assessments: You’re on your own

The 2026 Annual Threat Assessment from the ODNI marks a departure from systemic state-actor tracking, signaling that the ...
CSOonline

AWS leans on prior ingenuity to face future AI and quantum threats

Amazon Web Services has launched numerous security innovations in its first two decades. Three in particular will play key roles in how the hyperscaler responds to some of the most challenging cyber ...
CSO Online

AI is reshaping DevSecOps to bring security closer to the code

Accelerated use of AI in software development is rapidly altering the scope, skills, and strategies involved in securing code ...
CSO Online

Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to ...
CSO Online

Managing OT risk at scale: Why OT cyber decisions are leadership decisions

Protecting industrial tech isn't just about better tools; it’s about leaders deciding in advance who calls the shots when a ...
CSO Online

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Targeting high-precision floating-point arithmetic operations in engineering modeling software, Fast16 may now be the ...
CSO Online

Human-centric failures: Why BEC continues to work despite MFA

Hackers don't need to break your MFA if they can just trick your team into sending money, which is why your "unauthorized ...