What Anthropic Glasswing reveals about the future of vulnerability discovery
AI giant Anthropic has unveiled Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, a model it describes as “cybersecurity in the age of…
Category: CISOOnline
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
The new vulnerability is an authentication bypass issue that stems from improper access control in the FortiClient EMS API. It allows attackers to execute code…
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
“While the threat actor typically uses N-day vulnerabilities, we have also observed Storm-1175 leveraging zero-day exploits, in some cases a full week before public vulnerability…
Zero‑click Grafana AI attack can enable enterprise data exfiltration
From there, attackers use indirect prompt injection techniques to manipulate the AI into executing malicious instructions. The model is tricked into generating requests that include…
Escaping the COTS trap | CSO Online
Over the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent picture of tool proliferation that drives…
6 ways attackers abuse AI services to hack your business
“This is the AI equivalent of name-squatting a package registry, except there’s no central MCP authority verifying server identity and no cryptographic link between an…
Authentication is broken: Here’s how security leaders can actually fix it
1) Modular secure elements (SEs) embedded or in SIM form Device-bound cryptography, tamper resistance, ultra-low-power states and tighter OEM control over firmware and BIOS all…
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
“A .lnk file is how Windows handles shortcuts: Whenever you click on that Outlook icon on your desktop, you’re actually clicking on a separate file…
5 critical steps to achieve business resilience in cybersecurity
What does it really take to keep your organization running when attackers strike? The answer is business resilience—being able to detect, contain, and recover fast enough…
6 metrics IT leaders can’t afford to ignore for business resilience
If you’re in IT, you know: what we don’t measure puts business resilience at risk. In the face of rising threat volumes, scaling complexity, and board-level scrutiny, tracking the right operational metrics isn’t just…
6 critical mistakes that undermine cyber resilience (and how to fix them)
Silos are the enemy of business resilience. As IT leaders, we’ve all felt the pain: the backup administrator, SOC analyst, and endpoint engineer operating in…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)
Business resilience starts at the endpoint. Between March and December 2025, the N-able SOC processed over 900,000 alerts—and a staggering 18% originated from network and perimeter exploits…