CSO Online

Anthropic bets on EPSS for the coming bug surge

As Anthropic’s Mythos signals a shift to unprecedented machine-speed vulnerability discovery, EPSS is gaining renewed ...
CSO Online

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered

Now that an attacker can use an LLM to weaponize a bug the minute it's found, taking 12 days to patch ‘is essentially a ...
CSO Online

Why identity is the driving force behind digital transformation

Identity isn't just about logging in anymore; it’s the "invisible engine" that helps teams move faster, keeps data secure, ...
CSO Online

Azure SRE Agent flaw let outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
CSO Online

Top techniques attackers use to infiltrate your systems today

Popular tool abuse, ClickFix, and identity-based attacks are among the most prevalent techniques bad actors are deploying ...
CSO Online

Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook

Microsoft details a cross-tenant social engineering technique that tricks employees into granting remote access and enables ...
CSO Online

CISOs reshape their roles as business risk strategists

The AI era has accelerated the need for CISOs to function as key risk management players across the business. Here’s how to ...
CSO Online

Hackers exploit Vercel’s trust in AI integration

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a ...
CSO Online

Behind the Mythos hype, Glasswing has just one confirmed CVE

As hype builds around Anthropic’s offensive AI model, VulnCheck’s analysis finds just one confirmed CVE tied directly to ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
CSO Online

White House moves to give federal agencies access to Anthropic’s Claude Mythos

The move would allow civilian agencies to access a modified version of Anthropic’s powerful vulnerability‑hunting AI, under ...