CSO Online

The CISO’s greatest risk? Department leaders quitting

A security exec’s job is not just to manage cyber risk. Protecting personnel from burnout, championing cyber’s business value ...
CSO Online

Ransomware gangs seize a new hostage: your AWS S3 buckets

Researchers warn that attackers are moving beyond on-prem systems and now using AWS’s own encryption and key management ...
CSO OnlineOpinion

Selling to the CISO: An open letter to the cybersecurity industry

The industry has stopped rewarding what works in favor of what sells. But as security leaders with very real risks on the ...
CSO Online

Rethinking identity for the AI era: CISOs must build trust at machine speed

Human-centered identity systems were never designed for the coming wave of autonomous AI agents. CISOs face a reckoning over ...
CSO Online

WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform

Researchers have uncovered a WhatsApp privacy flaw that allowed them to discover the 3.5 billion mobile numbers using the app ...
CSO Online

Akira ransomware expands to Nutanix AHV, raising stakes for enterprise security

Once focused on SMBs, Akira has shifted to large enterprises across manufacturing, IT, healthcare, and finance, leveraging ...
CSO Online

Azure blocks record 15 Tbps DDoS attack as IoT botnets gain new firepower

Microsoft says the attack, sourced from more than 500,000 compromised IPs, exposes deep weaknesses in home IoT and raises ...
CSO Online

From code to boardroom: A GenAI GRC approach to supply chain risk

GenAI GRC flips supply chain risk from paperwork to real-time smarts, helping CISOs spot trouble early and keep the board ...
CSO Online

FCC reversal removes federal cyber safeguards targeting telecom weaknesses post-Salt Typhoon attacks

Security leaders call the rollback ‘shockingly incompetent,’ warning it removes critical controls implemented after one of ...
CSO Online

Fortinet’s silent patch sparks alarm as a critical FortiWeb flaw is exploited in the wild

Researchers say the flaw, affecting thousands of internet-facing FortiWeb instances, was exploited long before Fortinet ...
CSO OnlineOpinion

Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

CISA has ordered agencies to patch the FortiWeb web application firewall within seven days after news of exploits emerged.
CSO Online

China‑linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates

A router implant is redirecting DNS traffic to attacker-controlled infrastructure, turning trusted update channels into ...