CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
CSO Online

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Keenadu infiltrated devices by posing as legitimate system components, prompting calls for tighter controls on firmware ...
CSO Online

Discipline is the new power move in cybersecurity leadership

Turns out the real power move in security isn’t a bigger budget — it’s cutting the clutter and proving what actually reduces ...
CSO OnlineOpinion

A new approach for GenAI risk protection

GenAI isn’t the real problem — unmanaged data is. Smarter XDR-based protection lets teams innovate without leaking what ...
CSO Online

The new paradigm for raising up secure software engineers

The new challenge for CISOs in the age of AI developers is securing code. But what does developer security awareness even ...
CSO Online

Why 2025’s agentic AI boom is a CISO’s worst nightmare

AI agents may work smarter than chatbots, but with tool access and memory, they can also leak data, loop endlessly or act ...
CSO Online

Cyber attacks enabled by basic failings, Palo Alto analysis finds

In the fastest attacks analyzed, threat actors moved from initial access to data exfiltration in 72 minutes, down from nearly five hours in 2024. Increasingly, this is explained by AI’s ability to ...
CSO Online

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.
CSO Online

With CISOs stretched thin, re-envisioning enterprise risk may be the only fix

Security leaders’ ever-expanding jurisdictions are increasingly spreading beyond what any single executive can handle. A ...
CSO Online

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...
CSO Online

CISO Julie Chatman wants to help you take control of your security leadership role

Chatman, who grew her career from medical diagnostics to a cybersecurity and risk leader at the FBI, has been a mentor to ...
CSO Online

ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit

Researchers said the openly available spyware enables surveillance, credential theft, and financial targeting across a wide range of mobile OS versions.