CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
CSO Online

Zero-day exploits hit Cisco ISE and Citrix systems in an advanced campaign

According to the Amazon Threat Intelligence team, attackers exploited bugs in Cisco and Citrix appliances before they were ...
CSO Online

What CISOs need to know about new tools for securing MCP servers

As MCP servers become more popular, so do the risks. To address some of the risks many vendors have started to offer products ...
CSO Online

Google asks US court to shut down Lighthouse phishing-as-a-service operation

Google is asking to a US court for help in dismantling the infrastructure behind the Lighthouse phishing-as-a-service ...
CSO Online

UK cybersecurity bill brings tougher rules for critical infrastructure

Healthcare, energy, transport, and digital services face stricter compliance rules as ministers gain powers to intervene ...
CSO Online

The security leaders who turned their frustrations into companies

Former CISOs share their experience after successfully founding security companies. CSO spoke to Paul Hadjy, Joe Silva, Chris ...
CSO Online

Enterprise network security blighted by legacy and unpatched systems

End-of-life devices remain a pervasive security concern in the enterprise, as do poorly segmented networks, unpatched systems ...
CSO Online

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
CSO Online

November Patch Tuesday: Zero day Windows kernel flaw in servers, controllers, and PCs

Also of importance are a Kerberos vulnerability in Active Directory, a Visual Studio Copilot extension, and a Microsoft ...
CSO Online

Beyond the checklist: Shifting from compliance frameworks to real-time risk assessments

Combine structured frameworks with a customizable assessment model to turn strategic fog into prioritized remediation plans ...
CSO Online

Senate moves to restore lapsed cybersecurity laws after shutdown

The continuing resolution would extend CISA 2015 and the Federal Cybersecurity Enhancement Act, reinstating liability shields ...
CSO Online

CISOs must prove the business value of cyber — the right metrics can help

CISOs still struggle to prove the value of their security programs using metrics that their business leaders so desperately ...