CSO Online

Warning: React2Shell vulnerability already being exploited by threat actors

It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.
CSO Online

Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report

The Signalgate scandal that enveloped US Secretary of Defense Pete Hegseth in March appears to be symptomatic of a wider lax ...
CSO Online

Chinese cyberspies target VMware vSphere for long-term persistence

CISA and the NSA warn that Chinese state-sponsored attackers are deploying malware dubbed BRICKSTORM on VMware servers to ...
CSO Online

Hardening browser security with zero-trust controls

Modern attacks hit the browser first, so zero trust flips the script — verify identity, check the device and lock down each ...
CSO Online

AI in CI/CD pipelines can be tricked into behaving badly

Malicious content in issues or pull requests can trick AI agents in CI/CD workflows into running privileged commands in an ...
CSO OnlineOpinion

Avoiding the next technical debt: Building AI governance before it breaks

AI is moving fast, but without early guardrails, it’ll cause the same messy debt we faced with cloud and APIs.
CSO Online

Cloudflare firewall reacts badly to React exploit mitigation

That vulnerability, tracked as CVE-2025-55182, enables attackers to remotely execute code on web servers running the React 19 ...