New US House privacy bills raise hard questions about enterprise data collection
It states that a controller, namely any entity that is processing personal data, may not process the sensitive data of a teen without obtaining verifiable…
Category: CISOOnline
Scattered Spider co-conspirator pleads guilty
However, there are members of the Scattered Spider group still active: last year it branched out and attacked a number of other businesses, including Marks…
The curious case of Sean Plankey’s derailed CISA nomination
CSO contacted Scholten’s office multiple times seeking comment, but received no response. CSO also received no response to the questions surrounding this letter from either…
3 practical ways AI threat detection improves enterprise cyber resilience
Why “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know the problem. Generic detection tools…
Security-KPIs und -KRIs: So messen Sie Cybersicherheit
Cybersicherheit zu messen, ist kein Kinderspiel. Foto: Ultraskrip – shutterstock.com Eine wichtige Säule jedes ausgereiften Cyberrisk-Programms ist die Fähigkeit, die Performance der IT-Security und registrierte…
Bitwarden CLI password manager trojanized in supply chain attack
Attackers target cloud and development credentials The trojanized Bitwarden CLI version 2026.4.0 contained a custom loader called bw_setup.js that checks if the bun package manager…
Google gets agent-ready for the Mythos age
Wiz, AI-BOMs, and securing the AI development sprawl Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk. Wiz…
Offer customers passkeys by default, UK’s NCSC tells enterprises
The NCSC said its analysis examines common techniques, including phishing, credential reuse, and session hijacking, and evaluates how credentials are exposed across their lifecycle, from…
Microsoft taps Anthropic’s Mythos to strengthen secure software development
“Using Mythos in Microsoft’s Security Development Lifecycle could help strengthen and harden products like Windows, Azure, Microsoft 365, and developer tools,” Shah said. “Every enterprise…
CNAPP – ein Kaufratgeber | CSO Online
Palo Alto Networks Cortex Cloud Fokus: IT-Security Form: Einheitliche Plattform mit verschiedenen Produkten; Besondere Features/Integrationen: CDR, AppSec-Integration, Laufzeitschutz und DSPM, Support für IBM und Akamai…
Top techniques attackers use to infiltrate your systems today
Identity-based attacks Attackers are increasingly impersonating legitimate users, machines, or services to gain access to systems, data, or infrastructure. The technique is on the upswing…
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
When embedded in applications, these long-lived tokens confer the sort of power attackers quickly jump on. “If an attacker used forged payloads to authenticate as…