CSO Online

The innovative CISO’s bucket list: Human-led transformation at the core

Today’s CISOs want less firefighting and more impact, using AI to clear busywork, unite teams and refocus security on people ...
CSO Online

WhatsApp accounts targeted in ‘GhostPairing’ attack

A new attack abusing a legitimate device pairing feature of the app could be used to penetrate employee WhatsApp Groups.
CSO Online

Cisco confirms zero-day exploitation of Secure Email products

The unpatched flaw affects AsyncOS-based Secure Email appliances, with Cisco investigating scope and urging rebuilds in ...
CSO Online

Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits

Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run ...
CSO Online

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.
CSO Online

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
CSO Online

D&O liability protection rising for security leaders — unless you’re a midtier CISO

Smaller firms are less likely to protect CISOs from personal liability for security breaches, ‘which can deter highly ...
CSO Online

Microsoft warns MSMQ may fail after update, breaking apps

A security update issued on December Patch Tuesday changes the MSMQ security model, causing failures in programs ranging from ...
CSO Online

The devil of proposed SEC AI disclosure rule is in the details

The proposed rule from an SEC committee will force CIOs, CISOs, and other execs to analyze and report all manner of AI ...
CSO Online

JumpCloud agent turns uninstall into a system shortcut

The bug lets attackers with local access elevate to “system” or destabilize machines through unsafe privilege file operations ...
CSO Online

‘Ink Dragon’ threat group targets IIS servers to build stealthy global network

A Chinese-linked threat group identified as “Ink Dragon” is targeting common weaknesses in Internet Information Services (IIS ...
CSO Online

The mistold story of a software failure that grounded 6,000 jets

The impact on the Airbus A320 fleet and the airlines that have deployed them would be widespread. Potentially, 6,000 planes ...