CSO Online

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead

Oddly worded pitch aimed at the living aims to get victims to click on a malicious link if they think the message isn’t for ...
CSO Online

Critical Microsoft WSUS flaw exploited in wild after insufficient patch

Enterprises are urged to apply out-of-band patches to a wide range of Windows Server versions aimed at fixing a Windows ...
CSO Online

UN agreement on cybercrime criticized over risks to cybersecurity researchers

The convention, up for ratification beginning this weekend, aims to improve response to cybercrime, but opponents say its ...
CSO Online

Lazarus group targets European drone makers in new espionage campaign

The latest phase of Operation Dreamjob is targeting European defense and UAV firms through fake job offers and trojanized ...
CSO Online

Quantum resistance and the Signal Protocol: From PQXDH to Triple Ratchet

Signal’s getting ahead of the quantum curve, adding new layers of encryption to keep your chats safe from tomorrow’s ...
CSO Online

Ransomware recovery perils: 40% of paying victims still lose their data

Paying the ransom is no guarantee of a smooth or even successful recovery of data. But that isn’t even the only issue ...
CSO Online

AI browsers can be abused by malicious AI sidebar extensions: Report

What SquareX discovered are malicious extensions that can spoof the legitimate AI sidebars people use for queries. Their goal ...
CSO Online

Google ‘Careers’ scam lands job seekers in credential traps

The phishing campaign impersonates Google’s recruiting team with fake “Book a Call” invites, using spoofed logins and HTML ...
CSO Online

Prompt hijacking puts MCP-based AI workflows at risk

An AI version of session hijacking can lead to attackers injecting malicious prompts into legitimate MCP communications.
CSO Online

Why must CISOs slay a cyber dragon to earn business respect?

Although one in four security leaders find themselves replaced after a ransomware attack, for example, other CISOs are ...
CSO Online

‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools

Researchers caution that the group’s rapid pivots and targeted filtering complicate detection and require behavior-based ...
CSO Online

Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift

Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party ...