CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
CSO Online

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring ...
CSO Online

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...
CSO OnlineOpinion

The external pressures redefining cybersecurity risk

Your security is only as strong as your sketchiest vendor; since 35% of breaches start with partners, it's time to worry ...
CSO Online

6 key takeaways from RSA Conference 2026

This year’s RSAC delivered on its anticipated emphasis on AI but with some surprises as to how CISOs should rethink ...
CSO Online

Anthropic employee error exposes Claude Code source

A version of the AI coding tool in Anthropic's npm registry included a source map file, which leads to the full proprietary ...
CSO Online

8 ways to bolster your security posture on the cheap

Cutting costs while boosting cybersecurity? What seems to be a contradiction can prove effective with the right approach.
CSO Online

Fortinet hit by another exploited cybersecurity flaw

A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of ...
CSO Online

Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference

Hackers aren't "breaking" your MFA anymore — they’re just riding shotgun during your login to steal the session token right ...
CSO Online

The insider threat rises again

Insiders have always posed a risk, but modern technologies, tactics, and motivations have increased the threat, likelihood, ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
CSO Online

Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases

The draft blog post describes a compute‑intensive LLM with advanced reasoning that Anthropic plans to roll out cautiously, starting with enterprise security teams.