CSO Online

Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits

Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run ...
CSO Online

Cisco confirms zero-day exploitation of Secure Email products

The unpatched flaw affects AsyncOS-based Secure Email appliances, with Cisco investigating scope and urging rebuilds in ...
CSO Online

JumpCloud agent turns uninstall into a system shortcut

The bug lets attackers with local access elevate to “system” or destabilize machines through unsafe privilege file operations ...
CSO Online

The devil of proposed SEC AI disclosure rule is in the details

The proposed rule from an SEC committee will force CIOs, CISOs, and other execs to analyze and report all manner of AI ...
CSO Online

Microsoft warns MSMQ may fail after update, breaking apps

A security update issued on December Patch Tuesday changes the MSMQ security model, causing failures in programs ranging from ...
CSO Online

‘Ink Dragon’ threat group targets IIS servers to build stealthy global network

A Chinese-linked threat group identified as “Ink Dragon” is targeting common weaknesses in Internet Information Services (IIS ...
CSO Online

The Raspberry Pi wakeup call: Why enterprises must rethink physical security

Analysts argue that many enterprises cut corners in physical security that they would never consider in the virtual world, ...
CSO Online

Russian APT group pivots to network edge device misconfigurations

According to Amazon’s telemetry, the group’s infrastructure has overlaps with Sandworm, a group also known as APT44 and ...
CSO OnlineOpinion

Demystifying risk in AI

AI can supercharge work, but without guardrails it can mislead fast — so humans, governance and smart frameworks still need ...
CSO Online

The mistold story of a software failure that grounded 6,000 jets

The impact on the Airbus A320 fleet and the airlines that have deployed them would be widespread. Potentially, 6,000 planes ...
CSO Online

‘Featured’ Urban VPN caught stealing private AI chats

The browser extension injects scripts to capture AI prompts and responses even when the VPN features are disabled.