CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
CSO Online

Autonomous systems are finally working. Security is next

Security is having its "Waymo moment," moving past endless alerts to autonomous systems that investigate and fix threats ...
CSO Online

Cisco warns of an actively exploited SD-WAN flaw with max severity

The authentication bypass bug (CVE-2026-20182) in Catalyst SD-WAN gives remote attackers admin access, with no workaround ...
CSO Online

The economics of ransomware 3.0

Triple extortion tactics and why cyber insurance is no longer a substitute for a mature incident response architecture.
CSOonline

Google discovers weaponized zero-day exploits created with AI

The 2FA bypass exploit stemmed from a faulty trust assumption, providing evidence of AI reasoning that can discover high-level logic flaws. The Google Threat Intelligence Group (GTIG) today released ...
CSO Online

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
CSOonline

New ‘Dirty Frag’ exploit targets Linux kernel for root access

The actively exploited flaw builds on Dirty Pipe and Copy Fail techniques to overwrite page cache and gain full system control. A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” ...
CSO Online

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new ...
CSO Online

Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows ...
CSO Online

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day ...
CSO Online

What CISOs need to land a board role

Whether to spread cybersecurity knowledge, shape the tools of the future, or expand your professional repertoire, board ...