CSO Online

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...
CSO Online

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...
CSO Online

Ransomware gangs extort victims by citing compliance violations

Ransomware attacks remain among the most common attack methods. As recent analyses show, cyber gangs are increasingly ...
CSO Online

One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into data exfiltration tools

A new one-click attack flow discovered by Varonis Threat Labs researchers underscores this fact. ‘Reprompt,’ as they’ve ...
CSO Online

Palo Alto Networks patches firewalls after discovery of a new denial-of-service flaw

A previous virtually identical zero day DoS vulnerability was targeted in the wild, and there's already a PoC for this one.
CSO Online

Output from vibe coding tools prone to critical security flaws, study finds

The assessment, which it conducted in December 2025, compared five of the best-known vibe coding tools — Claude Code, OpenAI ...
CSO Online

US cybersecurity weakened by congressional delays despite Plankey renomination

Sean Plankey’s renomination as CISA director offers some relief, but stalled legislation on cyber threat information sharing ...
CSO Online

Top 10 vendors for AI-enabled security — according to CISOs

Weighing innovation, reputation, business value, cost, integration overhead, and peer use, among other criteria, CISOs list ...
CSO Online

Iran’s partial internet shutdown may be a windfall for cybersecurity intel

With only government agencies allowed internet access, the signal to noise ratio in that country is flipped, which could ...
CSO OnlineOpinion

Cybersecurity at the state and local level: Washington has the framework, it’s time to act

Washington finally set up the rules and money for state and local cybersecurity — now the real risk is waiting too long to ...
CSO Online

CISOs’ top 10 cybersecurity priorities for 2026

AI’s ongoing rise — both as a threat and a means for defense — is reshaping security execs’ agendas, which also include added ...