New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
As categories, ADCs and VPNs are prime targets for threat actors because they are internet-facing. “Anything that organizations tend to heavily rely on and expose…
Category: CISOOnline
Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
Opswat also discovered two other Catalyst 9300 vulnerabilities: CVE-2026-20112 (cross-site scripting) and CVE-2026-20113 (CRLF injection). These relate to the IOS XE IOx integration environment which…
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
“Repeated compromises of the same vendor in a short period suggest a persistent weakness,” said Cory Michal, CSO of SaaS security management company AppOmni. He…
6 key trends reshaping the IAM market
“Many enterprises are still in the early stages of deploying passkeys and FIDO2, and biometrics are often deployed as part of a broader MFA strategy,…
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten. earthphotostock – shutterstock.com In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder…
New ‘StoatWaffle’ malware auto‑executes attacks on developers
The RAT module maintains regular communication with an attacker-controlled C2 server, executing commands to terminate its own process, change the working directory, list files and…
HP launches TPM Guard to help defeat physical TPM attacks
The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores…
DDoS-Angriffe haben sich verdoppelt | CSO Online
Die Angriffsvolumina stiegen 2025 um den Faktor 5,5 gegenüber 2024. Gcore Radar Angriffsstruktur verändert sich Volumetrische Attacken auf Netzwerkebene fallen laut Gcore zunehmend kürzer und…
Autonomous AI adoption is on the rise, but it’s risky
Autonomous bots for everyone OpenClaw and Claude Cowork are at the forefront of this coming revolution, enabling users to enlist AI to automate workflows on…
ISO und ISMS: Darum gehen Security-Zertifizierungen schief
Mit einer ISO 27001-Zertifizierung weisen Unternehmen nach, dass sie ein wirksames Informationssicherheits-Managementsystems (ISMS) betreiben. Lesen Sie, weshalb der Zertifizierungsprozess häufig schief geht. Foto: mentalmind –…
Palo Alto updates security platform to discover AI agents
Recently, he said, there have been news reports that AI agents created by firms caused hacks within their own companies. He didn’t cite specific examples,…
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Vojtěch Krejsa, the threat researcher at Gen who first flagged the stealer, calls VoidStealer’s bypass non-noisy. “The bypass requires neither privilege escalation nor code injection,…