Autonomous systems are finally working. Security is next
The problem was never detection For the last decade, the security industry has focused on detection. The emphasis has been on generating more alerts, improving…
Category: CISOOnline
Meet Fragnesia, the third Linux kernel vulnerability in a month
Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory…
AI agent finds 18-year-old remote code execution flaw in Nginx
Nginx is one of the most popular web servers, powering almost one third of all websites on the internet, and is integrated into many commercial…
PraisonAI vulnerability gets scanned within 4 hours of disclosure
The bug involves a legacy Flask-based API server component “src/praisonai/api_server.py” in PraisonAI that shipped with authentication disabled by default. The issue affects versions 2.5.6 to…
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
The broader phishing ecosystem is evolving The campaign has targeted sectors including local government, logistics, retail, communications, and real estate, according to the report. Researchers…
What CISOs need to land a board role
The latter is the case for Jamie Norton, vice chair of the ISACA board. “As a long-term member, I had reached a stage in my…
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
The flaw in FortiAuthenticator, tracked as CVE-2026-44277, has a 9.1 CVSS severity score and is described as an improper access control issue. Successful exploitation allows…
Fired employee sought AI help to hide deletion of hosting firm’s customer data
A federal jury convicted Sohaib Akhter, 34, of Alexandria, Virgina, on charges of conspiracy to commit computer fraud, password trafficking, and possession of a firearm…
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what…
What happens when China’s AI catches up to Mythos?
And the access decisions themselves are already becoming geopolitical. The EU, notably, has still not been granted access to Mythos, even as OpenAI has moved…
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
For security leaders, the document puts AI risk more firmly inside enterprise supply-chain oversight. That could make AI SBOMs part of the same vendor-risk conversations…
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
He added that for organizations using S/4HANA broadly across finance, procurement, supply chain, or HR-adjacent processes, this should be treated as an urgent remediation item.…