CSO Online

Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties

The company’s new approach is that anything touching Microsoft services is eligible for a bug bounty, regardless of its ...
CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...
CSO Online

OpenAI expands ‘defense in depth’ security to stop hackers using its AI models to launch cyberattacks

The AI giant is setting up an advisory group of ‘experienced cyber defenders and security practitioners’ to advise it on ...
CSO OnlineOpinion

Cybersecurity isn’t underfunded — It’s undermanaged

Of course, cybersecurity projects are often complex because they need to reach across corporate silos and geographies to ...
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...
CSO Online

SAML authentication broken almost beyond repair

Multiple hacking techniques allow researchers to bypass XML signature validation while still presenting valid SAML ...
CSO Online

Quantum meets AI: The next cybersecurity battleground

As AI and quantum collide, we get huge leaps in power — along with a scramble to secure our data, trust the results and brace ...
CSO Online

Battering RAM hardware hack breaks secure CPU enclaves

Low-cost hardware hack opens the door to supply chain attacks against confidential computing servers in cloud environments.
CSO Online

Fortinet admins urged to update software to close FortiCloud SSO holes

Vulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is ...
CSO Online

CISO Reality: Record Pay, Rising Pressure, and Retention Risk

In this edition of Cyber Sessions, host Joan Goodchild talks with IANS researcher Nick Kakolowski about why midmarket CISOs ...
CSO Online

Ignoring AI in the threat chain could be a costly mistake, experts warn

While some researchers dismiss reports of AI-driven cyberattacks as merely marketing messages, threat intel experts counter ...
CSO Online

Apache Tika hit by critical vulnerability thought to be patched months ago

CVE-2025-54988 is a weakness in the tika-parser-pdf-module used to process PDFs in Apache Tika from version 1.13 to and ...