News

CSO Online17h

Microsoft SharePoint zero-day breach hits on-prem servers

CISA has mandated immediate mitigation for federal agencies, while analysts urge enterprises to accelerate cloud migration ...
CSO Online17h

PoisonSeed outsmarts FIDO keys without touching them

The novel technique exploits the cross-device sign-in option on FIDO to create an authenticated session controlled by ...
CSO Online8h

UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks

Recent cyberattacks deploying the potent Authentic Antics malware tool to target Microsoft cloud accounts were the handiwork ...
CSO Online22h

Is AI here to take or redefine your cybersecurity role?

With job postings for some cybersecurity positions already in decline, industry observers debate the extent to which AI is ...
CSO Online21h

From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems

In an era obsessed with AI threats and zero-day exploits, it is the age-old security slip-ups, forgotten scaffolding, brittle ...
CSO Online5d

7 obsolete security practices that should be terminated immediately

Bad habits can be hard to break. Yet when it comes to security, an outdated practice is not only useless, but potentially ...
CSO Online3d

Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands

Recent attacks by the state-run cyberespionage group against Ukrainian government targets included malware capable of ...
CSO Online3d

Cisco warns of another critical RCE flaw in ISE, urges immediate patching

The newly disclosed flaw affects a specific API that suffers from insufficient input validation to allow unauthenticated RCE ...
CSO Online10d

Anatomy of a Scattered Spider attack: A growing ransomware threat evolves

The cybercriminal group has broadened its attack scope across several new industries, bringing valid credentials to bear on ...
CSO Online6d

Google Gemini vulnerability enables hidden phishing attacks

Gemini parses the invisible directive and appends the attacker’s phishing warning to its summary output. If the user follows ...
CSO Online4d

China-linked hackers target Taiwan chip firms in a coordinated espionage campaign

Three threat groups conduct sophisticated phishing attacks against chip manufacturers and financial analysts between March ...
CSO Online2d

Threat actors scanning for apps incorporating vulnerable Spring Boot tool

GreyNoise said over 2,000 IP addresses have scanned for Spring Boot Actuator endpoints in the past 90 days. Of them, 1,582 ...