News

CSO Online7m
Verified, but vulnerable: Malicious extensions exploit IDE trust badges
Once thought to be a reliable indicator of trust, the blue ‘check’ icon next to an extension’s name can now be spoofed.
CSO Online6h
Cybersecurity in the supply chain: strategies for managing fourth-party risks
Third-party vendors are a well-known risk but they are often not the last point in the supply chain and cybersecurity leaders ...
CSO Online18h
Hardcoded root credentials in Cisco Unified CM trigger max-severity alert
Static root credentials left in limited Unified Communications Manager builds could let attackers gain full control over ...
CSO Online19h
Hunters International shuts ransomware operations, reportedly becomes an extortion-only gang called World Leaks
The report says that, unlike Hunters International, which combined data encryption with extortion, World Leaks operates as an ...
CSO Online17h
Second espionage-linked cyberattack hits ICC, exposing persistent threats to global justice systems
The breach, discovered during a high-profile NATO summit, highlights the ICC’s growing exposure to nation-state cyber ...
CSO Online1d
North Korean crypto thieves deploy custom Mac backdoor
Researchers warn that recent attack campaigns against Web3 and crypto startups by a North Korean APT group have leveraged a ...
CSO Online2d
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
A misconfigured default in the MCP inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser ...
CSO Online2d
Scattered Spider shifts focus to airlines as strikes hit Hawaiian, WestJet — and now Qantas
Cybersecurity giants and the FBI warn that the notorious hacking group is now targeting the aviation sector with advanced ...
CSO Online4d
Microsoft hints at revoking access to the Windows kernel — eventually
A new Microsoft announcement suggests it has found a way to deliver kernel-level visibility and capabilities to apps running ...
CSO Online2d
How cybersecurity leaders can defend against the spur of AI-driven NHI
Non-human identities were already a challenge for security teams before AI agents came into the picture. Now, companies that ...
CSO Online1d
Sixfold surge of ClickFix attacks threatens corporate defenses
Less understood than phishing, the social engineering technique that tricks users into pasting malicious commands into tools ...
CSO Online2d
Why every company needs a travel security program
Business travel in an age of geopolitical conflict and control introduces new and greater risks for organizations of any size ...