News

CSO Online2d
Hardcoded root credentials in Cisco Unified CM trigger max-severity alert
Static root credentials left in limited Unified Communications Manager builds could let attackers gain full control over ...
CSO Online2d
Second espionage-linked cyberattack hits ICC, exposing persistent threats to global justice systems
The breach, discovered during a high-profile NATO summit, highlights the ICC’s growing exposure to nation-state cyber ...
CSO Online5d
US DOJ makes progress combatting North Korean remote IT worker schemes
Two indictments, one arrest, and other actions across 16 states puts a dent in the illicit remote work schemes targeting US ...
CSO Online2d
Hunters International shuts ransomware operations, reportedly becomes an extortion-only gang
The report says that, unlike Hunters International, which combined data encryption with extortion, World Leaks operates as an ...
CSO Online1d
Verified, but vulnerable: Malicious extensions exploit IDE trust badges
Once thought to be a reliable indicator of trust, the blue ‘check’ icon next to an extension’s name can now be spoofed.
CSO Online2d
North Korean crypto thieves deploy custom Mac backdoor
Researchers warn that recent attack campaigns against Web3 and crypto startups by a North Korean APT group have leveraged a ...
CSO Online2d
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
A misconfigured default in the MCP inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser ...
CSO Online13d
10 tough cybersecurity questions every CISO must answer
From anticipating new threats to balancing risk management and business enablement, CISOs face a range of complex challenges ...
CSO Online5d
AI supply chain threats loom — as security practices lag
Recent findings of AI ecosystem insecurities and attacks show how important MLSecOps is to securing AI strategies from ...
CSO Online4d
LLMs are guessing login URLs, and it’s a cybersecurity time bomb
Netcraft’s research shows AI-generated brand URLs are often wrong, with some pointing to phishing sites. Experts call for ...
CSO Online10d
Akamai proposes tool to defang cryptomining botnets
XMRogue would let defenders submit invalid mining job results from infected computers to get a proxy server banned from the ...
CSO Online8d
Don’t trust that email: It could be from a hacker using your printer to scam you
New research reveals a simple way threat actors are using Microsoft 365 Direct Send to phish employees, without even having ...