CSO Online

OpenAI launches Aardvark to detect and patch hidden bugs in code

Currently in private beta, the GPT-5-powered security agent scans, reasons, and patches software like a real researcher, ...
CSO Online

Claude AI vulnerability exposes enterprise data through code interpreter exploit

Security researcher demonstrates how attackers can hijack Anthropic’s file upload API to exfiltrate sensitive information, ...
CSO Online

The unified linkage model: A new lens for understanding cyber risk

Cyber threats don’t just hit your systems — they move through your connections. The ULM shows how those hidden links fuel ...
CSO Online

Tips for CISOs switching between industries

Moving between industries isn’t just about experience, it’s about transferring skills, understanding the business, and ...
CSO Online

Aembit Introduces Identity and Access Management for Agentic AI

Aembit developed IAM for Agentic AI through collaboration with large businesses, government organizations, and innovative ...
CSO Online

Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

The vulnerability, dubbed Brash, can crash browsers within seconds by flooding the document.title API, and Google’s silence ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
CSO Online

Cybersecurity management for boards: Metrics that matter

If your cyber dashboard looks like a tech manual, you’re flying blind. Real leaders measure resilience, not patch counts.
CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
CSO Online

Atroposia malware kit lowers the bar for cybercrime — and raises the stakes for enterprise defenders

Researchers have discovered an inexpensive, full-featured malware-as-a-service kit combining vulnerability scanning, covert ...
CSO Online

Copilot diagrams could leak corporate emails via indirect prompt injection

A now patched flaw in Microsoft 365 Copilot let attackers turn its diagram tool, Mermaid, into a data exfiltration ...
CSO Online

Critical Microsoft WSUS flaw exploited in wild after insufficient patch

Enterprises are urged to apply out-of-band patches to a wide range of Windows Server versions aimed at fixing a Windows ...