CSO Online

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through ...
CSO Online

Network security devices endanger orgs with ’90s era flaws

Built to defend enterprise networks, network edge security devices are becoming liabilities, with an alarming rise in ...
CSO Online

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...
CSO Online

US NSA alleged to have launched a cyber attack on a Chinese agency

WeChat posting says attack was on agency that sets time for critical infrastructure providers; there’s no public evidence of ...
CSO Online

Introducing MAESTRO: A framework for securing generative and agentic AI

MAESTRO provides a structured, layered, outcome-driven framework tailored to these realities. By applying it across data, ...
CSO Online

The expanding CISO role: From security operator to enterprise risk strategist

Security leaders are taking on bigger roles, adding new responsibilities, and gaining influence across the business, new ...
CSO Online

Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

The Kestrel web server flaw allows request smuggling attacks, but the actual risk depends on the application code and ...
CSO Online

‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads

Researchers warn of fileless payloads, memory hooks, and a UDP-based C2 controller that complicate detection and remediation.
CSO Online

CISOs must rethink the tabletop, as 57% of incidents have never been rehearsed

Security experts believe many cyber tabletops try to be too specific, while others argue they should focus on smaller, more ...
CSO Online

North Korean threat actors turn blockchains into malware delivery servers

EtherHiding’: Nation-state and cybercriminal groups are leveraging smart contracts as command-and-control servers for ...
CSO Online

Government considered destroying its data hub after decade-long intrusion

A Chinese-sponsored cyber attack was so damaging that it was briefly proposed that an entire data hub be destroyed, according ...
CSO Online

Source code and vulnerability info stolen from F5 Networks

IT and security leaders should install latest patches from the application delivery and security vendor after suspected ...