LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
NOYB has a history of taking on tech companies. In 2025, Google was hit by a €325 million ($381 million) fine by French privacy regulator,…
Category: CISOOnline
Your refresh plan has a CVE blind spot
The conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years.…
Pen tests show AI security flaws far more severe than legacy software bugs
LLM vulnerabilities also have the lowest resolution rate of all app types pen-tested, with just 38% of high-risk issues fixed, according to data collected during…
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
He was commenting on an advisory issued Thursday by Ivanti about the discovery of five holes in its Endpoint Manager Mobile (EPMM) suite. Updates for…
Your CTEM program is probably ignoring MCP. Here’s how to fix it
Introduced by Anthropic in late 2024, MCP acts as the plugin architecture for agentic AI. If your team isn’t scanning for, mapping or monitoring for…
Claude in Chrome is taking orders from the wrong extensions
LayerX is calling the flaw “ClaudeBleed.” “LayerX reported the flaw to Anthropic,” LayerX researcher Aviad Gispan said in a blog post. “Anthropic replied that they…
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
In both cases, the highest-risk users are organizations that run untrusted JavaScript and assume vm2 is containing it. Those [application development] teams should patch immediately and add…
Become a millionaire by bug hunting on Android
Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that…
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
Ollama provides an interface and REST API server for running and calling locally hosted large language models (LLMs). The application does not provide authentication by…
Critical Palo Alto Networks software bug hits exposed firewalls
The flaw only impacts PAN-OS deployments where User-ID Authentication Portal is enabled. Affected versions span multiple PAN-OS release branches, including 10.2,11.1, and 12.1 releases prior…
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
“SIEM rules encode not only syntax, but also detection intent,” Ming Xu, lead author of the paper, told CSO. Different SIEM platforms implement distinct field…
Ten years later, has the GDPR fulfilled its purpose?
“It’s important to remember that the GDPR recognized the right to data portability. However, in practice, it has been one of the most underutilized rights,…