Palo Alto updates security platform to discover AI agents
Recently, he said, there have been news reports that AI agents created by firms caused hacks within their own companies. He didn’t cite specific examples,…
Category: CISOOnline
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Vojtěch Krejsa, the threat researcher at Gen who first flagged the stealer, calls VoidStealer’s bypass non-noisy. “The bypass requires neither privilege escalation nor code injection,…
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems…
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
When an admin from the organization activated the new hire’s EntraID account, the team observed that the new hire used an EntraID login from a…
Anthropic ban heralds new era of supply chain risk — with no clear playbook
“You need a full AI security solution,” he tells CSO, arguing that AI systems are dynamic, with models, data, and behaviors that change over time,…
Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
2. We trust session cookies too much Once MFA is completed, most organisations treat the resulting session as sacred. The user proved who they are,…
5 key priorities for your RSAC 2026 agenda
RSA Conference 2026 arrives at a significant inflection point for the cybersecurity industry — one that will see its more than 43,000 attendees and 600-plus…
Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s
Sarkar explained the underlying concern. “Structured lattices have patterns that could potentially be exploited in the future,” he said. “It is like having a lock…
That cheap KVM device could expose your network to remote compromise
Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The…
Stop using AI to submit bug reports, says Google
Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software. However, it is contributing to a separate…
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Multiple components backdoored Trivy, developed by Aqua Security, is one of the most widely used open-source vulnerability scanners, with over 32,000 GitHub stars and more…
Are nations ready to be the cybersecurity insurers of last resort?
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this…