CSO Online

Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations

The deadline for nominations: 31 July 2026. Due to the sensitive nature of cybersecurity work, project details will not be ...
CSO Online

GlassWorm falls, but the repo problem is far from solved

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...
CSO Online

Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours

The cyber agency is pushing aggressive remediation windows, continuous exposure management, and AI governance controls in ...
CSO Online

Microsoft previews automatic device isolation in Defender for Endpoint

The new capability will be added to the automatic attack disruption tool, however, new research warns that the tool has to be ...
CSO Online

DNS-AID will make AI agents easier to discover, says Linux Foundation

As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
CSO Online

Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic

This means organizations that still treat patching as a quarterly exercise are operating with materially more risk than they ...
CSO Online

Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise

Your patch management strategy may need an overhaul, as flaw exploitation significantly outpaces credential abuse as the ...
CSO Online

Microsoft patches two zero-day flaws in Defender

CISA has added the Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform vulnerabilities to its KEV ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
CSOonline

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows into thousands of public repositories. A large-scale automated GitHub ...