News
NPM ecosystem hit with two new supply chain compromises
1+ day, 14+ hour ago (493+ words) Attacks targeting developer ecosystems are increasing in frequency and sophistication, with Node.js developers firmly in this week’s crosshairs, as multiple npm packages belonging to the open-source AsyncAPI and Jscrambler Code Integrity were poisoned with malware following compromised development credentials....
New Windows Bind Link techniques let attackers evade EDR, security controls
9+ hour, 13+ min ago (524+ words) Attackers who already have administrator privileges on a Windows machine have newer ways to slip past endpoint security without exploiting a vulnerable driver or modifying trusted binaries. Bitdefender researchers have warned against three techniques that abuse Windows Bind Links, a…...
New bugs in Claude for Chrome allow extensions to abuse AI privileges
11+ hour, 57+ min ago (366+ words) Two vulnerabilities found in Anthropic’s Claude for Chrome extension remain exploitable months after they were reported to the company, a research by Manifold Security noted. According to the researchers, the flaws can allow a malicious browser extension to trigger Claude…...
When 80,000 fans log on at once: The 2026 World Cup's unique cybersecurity issues
19+ hour, 49+ min ago (472+ words) With the World Cup in full swing, stadiums across North America are currently accommodating thousands of fans every match day. That said, the stadiums’ biggest security challenge isn’t of a physical nature. In this article, we’ll examine the World Cup…...
Cybersecurity needs more prevention and less reliance on cure
5+ day, 12+ hour ago (722+ words) Ask any medical doctor, and they’ll tell you that prevention is better than cure. It’s more cost-effective and it has better outcomes. The same is true in cybersecurity. But we believe that our industry has veered too far away from…...
Patch Tuesday roundup: Microsoft fixes a monthly record 569 holes; SAP patches a critical memory corruption bug
1+ day, 12+ hour ago (808+ words) Earlier this month Microsoft warned that, because the latest AI models can now help discover vulnerabilities, CSOs will see a higher volume of security updates every month. It wasn’t kidding. Today the company issued a record number of patches, with…...
Phishing for dummies: Forg365 lowers barrier to M365 account takeovers
1+ day, 12+ hour ago (639+ words) A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise. Forg365 was offered with a five-day free trial,…...
Governments to enterprises: Improve your router security hygiene
1+ day, 21+ hour ago (631+ words) Global security agencies say enterprises must clean up their act as Russian government-sponsored attackers exploit weaknesses in routers. They then transfer configuration files to servers they control. These files, containing plaintext or weakly-encoded information like credentials, or details about the…...
Vendors and Providers
11+ mon, 3+ day ago (286+ words) | News, how-tos, features, reviews, and videos With AI and generative AI capabilities on the rise, a shift toward consolidation and platforms over point solutions is redefining the IT security market — as well as its leading vendors. With the two new…...
SASE in the spotlight as businesses prioritize edge network security
2+ day, 11+ hour ago (547+ words) Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller…...