WhatsApp malware campaign uses malicious VBS files to gain persistent access
Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling ...
CSO Online
20 articles
Hacker zielen auf Exilportal Iranwire
Unbekannte sollen das Exilportal Iranwire gehackt haben. PX Media – shutterstock.
9 ways CISOs can combat AI hallucinations
AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage wi...
Security awareness is not a control: Rethinking human risk in enterprise security
Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essen...
Im Fokus: IT-Leadership
Enterprise Spotlight: Setting the 2026 IT agenda
IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results. Download the January 2026...
Attack Surface Management – ein Kaufratgeber
Mit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen. Sergey Zaykov | shutterstock.
Anthropic employee error exposes Claude Code source
An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a v...
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious version...
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentic...
OpenAI patches twin leaks as Codex slips and ChatGPT spills
OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at Beyo...
8 ways to bolster your security posture on the cheap
As every CISO knows, maintaining a strong cybersecurity posture is costly. What’s not so well known is that there are many ways cybersecurity can be enhanced...
The external pressures redefining cybersecurity risk
Over the last four years, I’ve watched organizations get blindsided by threats that originated in a third-party network. More than 35% of data breaches are c...
6 key takeaways from RSA Conference 2026
Writing a conference preview is an act of professional speculation. You read the agenda, map the schedule session density, and make your personal best call a...
Fahndung nach Cyberkriminellen – 130 Firmen attackiert
130 Unternehmen und Institutionen gerieten ins Visier der Hacker. Tayler Derden | shutterstock.
Fortinet hit by another exploited cybersecurity flaw
Yet another critical flaw in a Fortinet product has come to light as attackers continue to target the company, this time by actively exploiting a critical SQ...
LangChain path traversal bug adds to input validation woes in AI pipelines
Security researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non...
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
Anthropic didn’t intend to introduce Mythos this way. Details of what it calls its most capable AI model yet surfaced through a data leak in its content mana...
APIs are the new perimeter: Here’s how CISOs are securing them
Recent breaches suggest attackers are shifting beyond traditional endpoints to target application programming interfaces (APIs). But typical perimeter protec...
Why Kubernetes controllers are the perfect backdoor
In my years securing cloud-native environments, I’ve noticed a recurring blind spot. We obsess over the “front doors” such as exposed dashboards, misconfigur...