CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
CSO OnlineOpinion

Mythos is a signal, not a siren: What frontier AI should change for CISOs

Don't panic about new AI threats; hackers are still using the same old security gaps to get in, so use AI to help your team ...
CSO Online

Change your cyber risk strategy to meet AI threats, Five Eyes countries warn CSOs

The urgency is clear,’ says the statement from cyber security agencies, but some experts say the advice is too general and ...
CSO Online

Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative

New executive orders direct agencies to accelerate quantum-resistant encryption efforts and lay the groundwork for contractor ...
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
CSO Online

What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan

Perfect zero trust doesn't fit tough OT environments, so use a practical action plan to secure the entry points and keep ...
CSO Online

Proposed US law would make AI risk reporting a legal obligation

The bill seeks to close oversight gaps by forcing developers to disclose dangerous model behavior and security threats.
CSO Online

Unpatched SharePoint servers opened the door to multiple attackers, Microsoft finds

Separate actors exploited the same exposure, creating overlapping intrusions that obscured detection and response.
CSO Online

Cyberattacks pose a ‘threat to life’ in Australia

It’s impossible to exaggerate the danger that the country is facing from cyberattacks on its infrastructure, he said, ...
CSO Online

How a malicious AI agent skill passed security checks and reached 26,000 users

AIR says static scanning failed to detect a skill that redirected to a controlled domain and later altered its payload.
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
CSO Online

Attackers exploit Cisco Unified CM flaw weeks after patch release

New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access ...