CSO Online

Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties

The company’s new approach is that anything touching Microsoft services is eligible for a bug bounty, regardless of its ...
CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...
CSO OnlineOpinion

Cybersecurity isn’t underfunded — It’s undermanaged

Of course, cybersecurity projects are often complex because they need to reach across corporate silos and geographies to ...
CSO Online

OpenAI expands ‘defense in depth’ security to stop hackers using its AI models to launch cyberattacks

The AI giant is setting up an advisory group of ‘experienced cyber defenders and security practitioners’ to advise it on ...
CSO Online

Quantum meets AI: The next cybersecurity battleground

As AI and quantum collide, we get huge leaps in power — along with a scramble to secure our data, trust the results and brace ...
CSO Online

SAML authentication broken almost beyond repair

Multiple hacking techniques allow researchers to bypass XML signature validation while still presenting valid SAML ...
CSO Online

Apache Tika hit by critical vulnerability thought to be patched months ago

CVE-2025-54988 is a weakness in the tika-parser-pdf-module used to process PDFs in Apache Tika from version 1.13 to and ...
CSO Online

Battering RAM hardware hack breaks secure CPU enclaves

Low-cost hardware hack opens the door to supply chain attacks against confidential computing servers in cloud environments.
CSO Online

December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Attacker with local access could escalate privileges, Microsoft warns; analyst calls it ‘the most urgent concern’ this month.
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...
CSO Online

Ignoring AI in the threat chain could be a costly mistake, experts warn

While some researchers dismiss reports of AI-driven cyberattacks as merely marketing messages, threat intel experts counter ...
CSO Online

CISO Reality: Record Pay, Rising Pressure, and Retention Risk

In this edition of Cyber Sessions, host Joan Goodchild talks with IANS researcher Nick Kakolowski about why midmarket CISOs ...