News

CSO Online1h
PoisonSeed outsmarts FIDO keys without touching them
The novel technique exploits the cross-device sign-in option on FIDO to create an authenticated session controlled by ...
CSO Online2h
Microsoft SharePoint zero-day breach hits on-prem servers
CISA has mandated immediate mitigation for federal agencies, while analysts urge enterprises to accelerate cloud migration ...
CSO Online7h
Is AI here to take or redefine your cybersecurity role?
With job postings for some cybersecurity positions already in decline, industry observers debate the extent to which AI is ...
CSO Online6h
From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems
In an era obsessed with AI threats and zero-day exploits, it is the age-old security slip-ups, forgotten scaffolding, brittle ...
CSO Online2d
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
The newly disclosed flaw affects a specific API that suffers from insufficient input validation to allow unauthenticated RCE ...
CSO Online4d
How AI is changing the GRC strategy
CISOs find themselves at a pinch-point needing to manage AI risks while supporting organizational innovation. The way forward ...
CSO Online1d
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
GreyNoise said over 2,000 IP addresses have scanned for Spring Boot Actuator endpoints in the past 90 days. Of them, 1,582 ...
CSO Online2d
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands
Recent attacks by the state-run cyberespionage group against Ukrainian government targets included malware capable of ...
CSO Online5d
Salt Typhoon hacked the US National Guard for 9 months, and accessed networks in every state
Chinese hackers stole network diagrams, credentials, and personnel data in a breach that poses a threat to critical ...
CSO Online5d
7 obsolete security practices that should be terminated immediately
Bad habits can be hard to break. Yet when it comes to security, an outdated practice is not only useless, but potentially ...
CSO Online9d
McDonald’s AI hiring tool’s password ‘123456’ exposed data of 64M applicants
A security flaw in McHire allowed access to sensitive applicant data via default admin credentials and a vulnerable API. The ...
CSO Online10d
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves
The cybercriminal group has broadened its attack scope across several new industries, bringing valid credentials to bear on ...