CSO Online

Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours

The cyber agency is pushing aggressive remediation windows, continuous exposure management, and AI governance controls in ...
CSO Online

GlassWorm falls, but the repo problem is far from solved

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
CSO OnlineOpinion

The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine

The rise of autonomous AI in warfare has shifted cyber conflict from speed to scale, requiring a new doctrine focused on ...
CSO Online

The AI governance imperative you can’t afford to ignore

Organizations that deploy AI agents without observability processes and tools in place are disasters waiting to happen, some ...
CSO Online

Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise

Your patch management strategy may need an overhaul, as flaw exploitation significantly outpaces credential abuse as the ...
CSO Online

Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic

This means organizations that still treat patching as a quarterly exercise are operating with materially more risk than they ...
CSO Online

AI models more vulnerable than claimed when faced with iterative attacks

Cisco researchers show how leading AI models wither under realistic multi-turn attacks, calling into question the value of ...
CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
CSO Online

Microsoft patches two zero-day flaws in Defender

CISA has added the Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform vulnerabilities to its KEV ...
CSO Online

New image-based prompt injection attack targets multimodal AI models

Researchers say the technique can manipulate how vision-language models interpret both images and user prompts.
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...