CSO Online

CISOs must separate signal from noise as CVE volume soars

FIRST forecasts a record surge in disclosed vulnerabilities in 2026, but security researchers say most will not translate ...
CSO Online

The hard part of purple teaming starts after detection

Purple teaming should be the discipline that reveals these realities, but the current model rarely does. Service providers tend to focus on the bypass, the exploit, the “win.” Clients focus on closing ...
CSO Online

Single prompt breaks AI safety in 15 major language models

The GRP‑Obliteration technique reveals that even mild prompts can reshape internal safety mechanisms, raising oversight ...
CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools

Enterprises are urged to patch self-hosted versions of both Remote Support and Privileged Remote Access due to a 9.9-severity ...
CSO Online

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Researchers revealed a Phorpiex-distributed phishing campaign using malicious LNK files to deploy Global Group ransomware ...
CSO Online

69% of CISOs open to career move — including leaving role entirely

Behind those numbers are executives who are frustrated with an ever-expanding job without the budget and authority to match.
CSO Online

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks

The AI agent platform has added a Google-owned threat intelligence service to the ClawHub marketplace, following the ...
CSO Online

Schrödinger’s cat and the enterprise security paradox

If you haven’t really looked, your company is both secure and hacked at the same time — and dashboards alone won’t tell you ...
CSO OnlineOpinion

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

With scenarios, you start with a broader view of the risk and map associated controls. You can also define custom risk ...
CSO Online

Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Going passwordless isn’t a switch flip — it’s a full identity rethink. This piece walks through what actually breaks, works ...
CSO Online

New APT group breached gov and critical infrastructure orgs in 37 countries

Security researchers from Palo Alto Networks believe the likely Asia-based group is expanding its activities, which include ...
CSO Online

Software supply chain risks join the OWASP top 10 list, access control still on top

There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old ...