CSO Online

AI security needs a shift from models to systems, researchers argue

Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this ...
CSO Online

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
CSO Online

To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data

If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies ...
CSO Online

Contractor’s public GitHub account exposed GovCloud and CISA credentials

This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect ...
CSO Online

Google folds CodeMender into agent ecosystem amid push for AI-led AppSec

Expansion beyond autonomous patching reflects growing emphasis on orchestration, governance, and enterprise trust ...
CSO Online

Microsoft patches two zero-day flaws in Defender

CISA has added the Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform vulnerabilities to its KEV ...
CSO Online

New image-based prompt injection attack targets multimodal AI models

Researchers say the technique can manipulate how vision-language models interpret both images and user prompts.
CSO Online

FBI warns of Kali Oauth stealers

The FBI has warned of the danger from a new wave of phishing attack s generated by a tool called Kali365. It enables cyber ...
CSO Online

GitHub scales back bug bounties, reminds users security is their responsibility too

The cloud code repository asks security researchers to cut out the AI-generated noise and focus on reporting security ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
CSO Online

Microsoft May security patch fails for some due to boot partition size glitch

Consultants see the problem eating away at valuable patch resources because of a lack of Microsoft update hygiene ...