CSO Online

OpenAI responds to White House executive order on AI governance

The company is willing to have its frontier AI models evaluated by federal experts before release, but it wants AI developers ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
CSO Online

US government report slams NIST for NVD backlog

NIST’s lack of strategic planning and decisive action have allowed the backlog of unprocessed vulnerabilities to continue ...
CSO Online

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...
CSO Online

Microsoft identifies seven new ways AI agents can be hacked

The more you look at AI agents, the more it seems can go wrong with them, so Microsoft has extended its taxonomy of failure ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...
CSO Online

Beware the ‘son of Mythos,’ security experts warn

As access to vulnerability discovery tools from Anthropic and OpenAI expands, Infosecurity Europe speakers warn of the next ...
CSO Online

AI tools becoming hot commodities on ransomware marketplaces

Offers of weaponized and abused AI capabilities have erupted across underground ransomware forums, while criminal operators ...
CSO Online

AI may finally unlock the cyber budgets CISOs have wanted for years

Autonomous AI systems are reshaping enterprise security, creating an unprecedented expansion of risk just as business leaders ...
CSO Online

Trump revives parts of canceled AI order with cybersecurity-focused directive

Less than two weeks after canceling a broader AI executive order, the White House issued a directive focused on cybersecurity ...
CSO Online

Microsoft wants to put AI agents on a short leash

At Build 2026, Microsoft unveiled a new containment framework for autonomous AI agents, expanded its MDASH vulnerability ...
CSO Online

Two-year old Oracle WebLogic Server vulnerability is being exploited

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.