CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
CSO Online

Top 5 real-world AI security threats revealed in 2025

Security researchers uncovered a range of cyber issues targeting AI systems that users and developers should be aware of — ...
CSO Online

Agentic AI already hinting at cybersecurity’s pending identity crisis

An estimated 95% of enterprises have not deployed identity protections for their autonomous agents — not a great start for ...
CSO Online

High severity flaw in MongoDB could allow memory leakage

Document database vendor MongoDB has advised customers to update immediately following the discovery of a flaw that could ...
CSO Online

What CISOs should know about the SolarWinds lawsuit dismissal

The SEC’s dismissal of its lawsuit against SolarWinds and its CISO brought widespread relief to cybersecurity leaders and ...
CSO Online

MacSync Stealer malware bypasses macOS Gatekeeper security warnings

MacSync Stealer, by contrast, is downloaded from an ordinary-looking utility URL as a code-signed and notarized Swift ...
CSO OnlineOpinion

Why outsourced cyber defenses create systemic risks

Outsourcing security may feel efficient, but one weak vendor can spill risk everywhere — turning a smart shortcut into a ...
CSO Online

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...
CSO Online

7 SASE certifications to validate converged network and security skills

For IT professionals, SASE certifications can demonstrate hands-on experience with cloud-based network and ...
CSO Online

CERN: how does the international research institution manage risk?

The European Laboratory for Elementary Particle Physics is one of the world's leading scientific institutions. Securing it ...
CSO Online

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.
CSO Online

South Korean firm hit with US investor lawsuit over data breach disclosure failures

Federal securities class action alleges that the ecommerce giant failed to report a data breach under SEC cybersecurity rules ...