News

CSO Online10h
BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover
Unprivileged users with permission to create objects inside an Active Directory organizational unit can abuse the new ...
CSO Online15h
Critical flaw in OpenPGP.js raises alarms for encrypted email services
The flaw, identified as CVE-2025-47934 and assigned a critical severity rating, was discovered by Edoardo Geraci and Thomas ...
CSO Online18h
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
CSO Online22h
Threat intelligence platform buyer’s guide: Top vendors, selection advice
Threat intelligence platforms have evolved and became essential security defensive tools. Here is what you need to know ...
CSO Online16h
You’ve already been targeted: Why patch management is mission-critical
Every day you delay a patch is a day attackers gain the upper hand. Proactive defense starts with closing the doors they ...
CSO Online22h
Poor DNS hygiene is leading to domain hijacking
Threat actors continue to find ways of hijacking domains thanks to poor DNS record-keeping and misconfigurations by ...
CSO Online1d
CSO30 Australia Awards 2025: Nominations now open
Nominations are officially open for the 2025 CSO30 Australia Awards, celebrating the country’s most effective and inspiring ...
CSO Online1d
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
During Pwn2Own hacking contest, participants were asked to compromise Microsoft Windows 11, Mozilla Firefox, VMware ...
CSO Online1d
4 ways to safeguard CISO communications from legal liabilities
The SEC’s lawsuit against SolarWinds’ CISO highlights the legal liabilities CISOs can face when communicating. Here are four ...
CSO Online1d
Skitnet malware: The new ransomware favorite
The modular malware is tailor-made for ransomware as it features dedicated plugins for theft, encryption, and persistence.
CSO Online1d
A spoof antivirus makes Windows Defender disable security scans
In a proof-of-concept, a security researcher demonstrated how the Windows Security Center API can be used to block the scans ...
CSO Online6d
Google patches Chrome vulnerability used for account takeover and MFA bypass
In some environments, this could even give attackers the ability to bypass multi-factor authentication (MFA). The ...