CSO Online

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
CSO Online

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t ...
CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today ...
CSO Online

GitHub scales back bug bounties, reminds users security is their responsibility too

The cloud code repository asks security researchers to cut out the AI-generated noise and focus on reporting security ...
CSO Online

Contractor’s public GitHub account exposed GovCloud and CISA credentials

This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect ...
CSO Online

Microsoft May security patch fails for some due to boot partition size glitch

Consultants see the problem eating away at valuable patch resources because of a lack of Microsoft update hygiene ...
CSO Online

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
CSO Online

‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

Elevation of privilege flaw in Cloud Filter driver reappears, raising concerns over regression vulnerabilities in Windows.
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
CSO Online

7 tips for accelerating cyber incident recovery

Speed is of the essence when recovering from a cyberattack. Cyber experts offer tips to help your organization rebound from ...
CSO Online

New image-based prompt injection attack targets multimodal AI models

Researchers say the technique can manipulate how vision-language models interpret both images and user prompts.