CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...
CSO Online

Cisco warns of an actively exploited SD-WAN flaw with max severity

The authentication bypass bug (CVE-2026-20182) in Catalyst SD-WAN gives remote attackers admin access, with no workaround ...
CSO Online

Autonomous systems are finally working. Security is next

Security is having its "Waymo moment," moving past endless alerts to autonomous systems that investigate and fix threats ...
CSO Online

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new ...
CSO Online

Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows ...
CSO Online

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw (CVE-2026-44338) in PraisonAI drew near-instant probing, exposing risks from ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
CSO Online

CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory

The guidance gives CISOs a way to press vendors on AI transparency, but analysts say the hard part will be proving that ...
CSO Online

2026 CSO Award winners showcase business-enabling cyber innovation

From revamping security culture to transformation threat hunting operations, 2026’s award-winning projects underscore the ...
CSO Online

OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

OpenAI’s new cybersecurity platform aims to automate vulnerability detection, patch validation, and secure software ...
CSO Online

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day ...