9 ways CISOs can combat AI hallucinations
AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk…
Category: CISOOnline
EvilTokens abuses Microsoft device code flow for account takeovers
The PhaaS toolkit is offering a host of features to its affiliates, including modules for access weaponization, email harvesting, reconnaissance capabilities, and a built-in webmail…
Cybersecurity in the age of instant software
Vulnerability economics Presumably, AIs will clean up the obvious stuff first, which means that any remaining vulnerabilities will be subtle. Finding them will take AI…
Tools, um MCP-Server abzusichern | CSO Online
Unabhängig davon, welche MCP-Server Unternehmen wofür einsetzen – “Unsicherheiten” sollten dabei außenvorbleiben. Gorodenkoff | shutterstock.com Model Context Protocol (MCP) verbindet KI-Agenten mit Datenquellen und erfreut…
Security awareness is not a control: Rethinking human risk in enterprise security
Under such conditions, expecting flawless human performance is unrealistic. Employees manage high volumes of communication while also combating deadlines and performance expectations. Senior leaders frequently…
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
“Opening a file in GNU Emacs can trigger arbitrary code execution through version control (git), most requiring zero user interaction beyond the file open itself.…
Hacker zielen auf Exilportal Iranwire
Unbekannte sollen das Exilportal Iranwire gehackt haben. PX Media – shutterstock.com Hacker haben nach Angaben der iranischen Justiz mutmaßlich Zugriff auf Daten eines bekannten Exilportals erlangt.…
WhatsApp malware campaign uses malicious VBS files to gain persistent access
These binaries retain their original metadata, but their altered names allow them to blend into the environment while performing malicious tasks like downloading additional payloads.…
Enterprise Spotlight: Setting the 2026 IT Agenda
IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results. Download the January 2026 issue of…
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
“When F5 CVE-2025-53521 first emerged last year as a denial-of-service issue, it didn’t immediately signal urgency, and many system administrators likely prioritized it accordingly,” Benjamin…
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
The attack follows a series of supply chain attacks that impacted multiple open-source projects across different package repositories over the past several weeks, most of…
OpenAI patches twin leaks as Codex slips and ChatGPT spills
ChatGPT’s hidden outbound channel leaks user data OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered…