New ‘StoatWaffle’ malware auto‑executes attacks on developers
A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign. Acc...
CSO Online
14 articles
Autonomous AI adoption is on the rise, but it’s risky
Two AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf. IT leaders should be ...
Streamline physical security to enable data center growth in the era of AI
AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit. Everythi...
Why CISOs should embrace AI honeypots
The nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut. Then they spot a back entran...
ISO und ISMS: Darum gehen Security-Zertifizierungen schief
Mit einer ISO 27001-Zertifizierung weisen Unternehmen nach, dass sie ein wirksames Informationssicherheits-Managementsystems (ISMS) betreiben. Lesen Sie, wes...
Palo Alto updates security platform to discover AI agents
As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the a...
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasing...
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
A new infostealer is bypassing Chrome’s Application-Bound Encryption (ABE), using a debugger-based technique researchers say hasn’t been seen in the wild bef...
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
The North Korea fake IT worker scheme has become a pernicious threat across several industries. While best practices emphasize precautions throughout the hir...
Why US companies must be ready for quantum by 2030: A practical roadmap
Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curv...
The insider threat rises again
Insider threats are coming back in a consequential way. According to the State of Human Risk Report from Mimecast, 42% of organizations have experienced an i...
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub A...
Are nations ready to be the cybersecurity insurers of last resort?
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organization...
Water utilities strengthen cybersecurity through cooperation
Water utilities are finding that letting information flow can flush out cybersecurity problems. The water industry has a security issue: Many utilities opera...