News

CSO Online2h
How phishers are weaponizing SVG images in zero-click, evasive campaigns
Seemingly harmless SVGs are packed with malicious JavaScript for a phishing redirect to actor-controlled URLs.
CSO Online8h
How defenders use the dark web
Gathering threat intelligence, finding the perpetrators of cyber attacks and bringing down whole ransomware gangs are some of ...
CSO Online8h
AI poisoning and the CISO’s crisis of trust
The CISO’s role has always been to protect the organization from threats it does not yet understand. AI poisoning requires ...
CSO Online21h
The 10 most common IT security mistakes
In practice, incident response teams repeatedly encounter the same weaknesses. What are they and how can they be resolved?
CSO Online15h
8 tough trade-offs every CISO must navigate
Increasing responsibilities and greater need to align with business objectives have security leaders facing greater risks — ...
CSO Online1d
New Grok-4 AI breached within 48 hours using ‘whispered’ jailbreaks
Just days after launch, Elon Musk’s Grok-4 is compromised by researchers using a stealthy blend of Echo Chamber and Crescendo ...
CSO Online1d
Putting AI-assisted ‘vibe hacking’ to the test
Valuable tools for experienced attackers and researchers, LLMs are not yet capable of creating exploits at a prompt, ...
CSO Online4d
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves
The cybercriminal group has broadened its attack scope across several new industries, bringing valid credentials to bear on ...
CSO Online5d
MCP is fueling agentic AI — and introducing new security risks
MCP allows AI agents and chatbots to connect to data sources, tools, and other services, but they pose significant risks for ...
CSO Online4d
AMD discloses new CPU flaws that can enable data leaks via timing attacks
Four newly revealed vulnerabilities in AMD processors, including EPYC and Ryzen chips, expose enterprise systems to ...
CSO Online3d
McDonald’s AI hiring tool’s password ‘123456’ exposed data of 64M applicants
A security flaw in McHire allowed access to sensitive applicant data via default admin credentials and a vulnerable API. The ...
CSO Online4d
US Treasury Department sanctions individuals and entities over illegal IT worker scheme
Russians and North Koreans contributed to the scheme to provide illegal remote IT workers to US companies to fund the North ...