CSOonline
@csoonline.bsky.social
CSO empowers enterprise security leaders with critical insights to stay ahead of threats. Covering #cybersecurity from #riskmanagement to #networkdefense, we provide the expertise needed to defend against cybercrime.
Pinned
Think your failover plan is bulletproof? Think again. Outages hit harder than ever, and redundancy myths won’t save you. Learn how smart policies, automation, and testing keep traffic flowing when chaos strikes.
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
AI can transform cybersecurity—but without guardrails, it can mislead fast. Governance, human oversight, and smart frameworks aren’t optional; they’re essential. Here’s what every leader needs to know about managing AI risk.
spr.ly/63323CMbpJ
#FoundryExpert #AIinCybersecurity
spr.ly/63323CMbpJ
#FoundryExpert #AIinCybersecurity
December 16, 2025 at 8:35 PM
AI can transform cybersecurity—but without guardrails, it can mislead fast. Governance, human oversight, and smart frameworks aren’t optional; they’re essential. Here’s what every leader needs to know about managing AI risk.
spr.ly/63323CMbpJ
#FoundryExpert #AIinCybersecurity
spr.ly/63323CMbpJ
#FoundryExpert #AIinCybersecurity
When software fails, the ripple effect can be massive—like grounding 6,000 jets. This isn’t just an aviation story; it’s a wake-up call for software assurance and cybersecurity. Learn what went wrong and why it matters.
spr.ly/63328CMZxi
#FoundryExpert #CyberResilience
spr.ly/63328CMZxi
#FoundryExpert #CyberResilience
December 16, 2025 at 8:19 PM
When software fails, the ripple effect can be massive—like grounding 6,000 jets. This isn’t just an aviation story; it’s a wake-up call for software assurance and cybersecurity. Learn what went wrong and why it matters.
spr.ly/63328CMZxi
#FoundryExpert #CyberResilience
spr.ly/63328CMZxi
#FoundryExpert #CyberResilience
Security researchers have found that Urban VPN Proxy, a widely used free browser VPN extension with millions of installs, has been collecting and exporting full AI chat conversations from users’ browsers. www.csoonline.com/article/4106...
‘Featured’ Urban VPN caught stealing private AI chats
The browser extension injects scripts to capture AI prompts and responses even when the VPN features are disabled.
www.csoonline.com
December 16, 2025 at 3:00 PM
Security researchers have found that Urban VPN Proxy, a widely used free browser VPN extension with millions of installs, has been collecting and exporting full AI chat conversations from users’ browsers. www.csoonline.com/article/4106...
AI is rewriting the CISO playbook. The leaders who win won’t just automate—they’ll master power skills like data storytelling, ethics, and influence. Here’s what separates oversight from insight in the AI era.
spr.ly/63329CKr83
#FoundryExpert #CISOLeadership #AIinSecurity
spr.ly/63329CKr83
#FoundryExpert #CISOLeadership #AIinSecurity
December 15, 2025 at 8:59 PM
AI is rewriting the CISO playbook. The leaders who win won’t just automate—they’ll master power skills like data storytelling, ethics, and influence. Here’s what separates oversight from insight in the AI era.
spr.ly/63329CKr83
#FoundryExpert #CISOLeadership #AIinSecurity
spr.ly/63329CKr83
#FoundryExpert #CISOLeadership #AIinSecurity
One hacked port could disrupt America’s orange juice supply. If malware is already lurking in our docks, what else is at risk? Discover why one ship exposes a maritime cybersecurity crisis.
spr.ly/63320CKuAC
#FoundryExpert #CyberSecurity #SupplyChainRisk
spr.ly/63320CKuAC
#FoundryExpert #CyberSecurity #SupplyChainRisk
December 15, 2025 at 8:48 PM
One hacked port could disrupt America’s orange juice supply. If malware is already lurking in our docks, what else is at risk? Discover why one ship exposes a maritime cybersecurity crisis.
spr.ly/63320CKuAC
#FoundryExpert #CyberSecurity #SupplyChainRisk
spr.ly/63320CKuAC
#FoundryExpert #CyberSecurity #SupplyChainRisk
As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2025. www.csoonline.com/article/4102...
Cybersecurity leaders’ top seven takeaways from 2025
The year was marked by the acceleration of AI adoption by both defenders and attackers, greater third-party risks, and intensified governance pressure.
www.csoonline.com
December 15, 2025 at 2:43 PM
As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2025. www.csoonline.com/article/4102...
CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately.
www.csoonline.com/article/4106...
www.csoonline.com/article/4106...
CISA orders immediate patching as GeoServer flaw faces active exploitation
Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.
www.csoonline.com
December 15, 2025 at 2:40 PM
CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately.
www.csoonline.com/article/4106...
www.csoonline.com/article/4106...
Cybersecurity isn’t underfunded—it’s undermanaged. In this Foundry Expert Contributor article, discover why CISOs need a new leadership narrative to drive smarter security strategies at the top.
Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
December 11, 2025 at 10:42 PM
Cybersecurity isn’t underfunded—it’s undermanaged. In this Foundry Expert Contributor article, discover why CISOs need a new leadership narrative to drive smarter security strategies at the top.
Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
Researchers uncovered an unexpected behavior of HTTP client proxies when created in .NET code, potentially allowing attackers to write malicious code to arbitrary files. Microsoft does not plan to fix this issue in the .NET Framework. www.csoonline.com/article/4104...
Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to g...
www.csoonline.com
December 11, 2025 at 6:15 PM
Researchers uncovered an unexpected behavior of HTTP client proxies when created in .NET code, potentially allowing attackers to write malicious code to arbitrary files. Microsoft does not plan to fix this issue in the .NET Framework. www.csoonline.com/article/4104...
Ivanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices.
www.csoonline.com/article/4104...
www.csoonline.com/article/4104...
Hundreds of Ivanti EPM systems exposed online as critical flaw patched
Unauthenticated attackers can hijack admin sessions at companies managing enterprise endpoints
www.csoonline.com
December 11, 2025 at 6:13 PM
Ivanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices.
www.csoonline.com/article/4104...
www.csoonline.com/article/4104...
Adversaries aren’t just hacking—they’re hustling. These breach case studies reveal motives, missteps, and methods that matter for your defense. Learn why understanding attacker intent is now mission-critical.
spr.ly/63323CBYjt
#FoundryExpert #InfoSecLeadership #CyberRisk
spr.ly/63323CBYjt
#FoundryExpert #InfoSecLeadership #CyberRisk
December 11, 2025 at 12:18 AM
Adversaries aren’t just hacking—they’re hustling. These breach case studies reveal motives, missteps, and methods that matter for your defense. Learn why understanding attacker intent is now mission-critical.
spr.ly/63323CBYjt
#FoundryExpert #InfoSecLeadership #CyberRisk
spr.ly/63323CBYjt
#FoundryExpert #InfoSecLeadership #CyberRisk
Staff+ security engineers can transform enterprise security—if they scale their impact. Learn how to lead strategically and multiply outcomes without adding workload.
spr.ly/63320CBgNk
#FoundryExpert #CyberLeadership #SecurityStrategy
spr.ly/63320CBgNk
#FoundryExpert #CyberLeadership #SecurityStrategy
December 10, 2025 at 11:08 PM
Staff+ security engineers can transform enterprise security—if they scale their impact. Learn how to lead strategically and multiply outcomes without adding workload.
spr.ly/63320CBgNk
#FoundryExpert #CyberLeadership #SecurityStrategy
spr.ly/63320CBgNk
#FoundryExpert #CyberLeadership #SecurityStrategy
Quantum + AI = power and risk. As Q-Day looms, CISOs must brace for a new era of cybersecurity challenges. Here’s what’s coming.
spr.ly/63321CBgYS
#FoundryExpert #Cybersecurity #QuantumComputing
spr.ly/63321CBgYS
#FoundryExpert #Cybersecurity #QuantumComputing
December 10, 2025 at 11:02 PM
Quantum + AI = power and risk. As Q-Day looms, CISOs must brace for a new era of cybersecurity challenges. Here’s what’s coming.
spr.ly/63321CBgYS
#FoundryExpert #Cybersecurity #QuantumComputing
spr.ly/63321CBgYS
#FoundryExpert #Cybersecurity #QuantumComputing
Yes, attackers are experimenting with LLMs. Yes, AI can aid malware development or produce superficial polymorphism. But the narrative that AI automatically produces sophisticated malware or fundamentally breaks defenses is misleading. www.csoonline.com/article/4101...
Polymorphic AI malware exists — but it’s not what you think
Understanding AI malware and how to separate real operational risk from vendor hype.
www.csoonline.com
December 10, 2025 at 1:33 PM
Yes, attackers are experimenting with LLMs. Yes, AI can aid malware development or produce superficial polymorphism. But the narrative that AI automatically produces sophisticated malware or fundamentally breaks defenses is misleading. www.csoonline.com/article/4101...
Although cybersecurity is referenced hundreds of times across the NDAA, the legislation contains provisions that, once the law becomes effective, will mark significant shifts in how the US military manages major cybersecurity tasks. www.csoonline.com/article/4103...
Key cybersecurity takeaways from the 2026 NDAA
A 4.1% increase in military cyber funding in the FY2026 NDAA budget underpins new requirements for hardened mobile devices, AI security frameworks, and expanded DoD cyber workforce authorities.
www.csoonline.com
December 10, 2025 at 1:33 PM
Although cybersecurity is referenced hundreds of times across the NDAA, the legislation contains provisions that, once the law becomes effective, will mark significant shifts in how the US military manages major cybersecurity tasks. www.csoonline.com/article/4103...
Think your failover plan is bulletproof? Think again. Outages hit harder than ever, and redundancy myths won’t save you. Learn how smart policies, automation, and testing keep traffic flowing when chaos strikes.
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
December 9, 2025 at 10:41 PM
Think your failover plan is bulletproof? Think again. Outages hit harder than ever, and redundancy myths won’t save you. Learn how smart policies, automation, and testing keep traffic flowing when chaos strikes.
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
spr.ly/633247hNue
#FoundryExpert #CyberResilience #ITSecurity
Cheaper security feels good—until a breach wipes out the savings. Learn why resilience must be baked into procurement decisions, not treated as an afterthought.
spr.ly/633277CepX
#FoundryExpert #Security #Budgeting
spr.ly/633277CepX
#FoundryExpert #Security #Budgeting
December 8, 2025 at 10:55 PM
Cheaper security feels good—until a breach wipes out the savings. Learn why resilience must be baked into procurement decisions, not treated as an afterthought.
spr.ly/633277CepX
#FoundryExpert #Security #Budgeting
spr.ly/633277CepX
#FoundryExpert #Security #Budgeting
A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers have warned.
www.csoonline.com/article/4102...
www.csoonline.com/article/4102...
Apache Tika hit by critical vulnerability thought to be patched months ago
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
www.csoonline.com
December 8, 2025 at 10:55 PM
A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers have warned.
www.csoonline.com/article/4102...
www.csoonline.com/article/4102...
Reposted by CSOonline
AI browsers including Perplexity Comet and OpenAI’s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner.
www.computerworld.com/article/4102...
www.computerworld.com/article/4102...
Keep AI browsers out of your enterprise, warns Gartner
They’re already in use but may lead to “irreversible and untraceable” data loss, analysts said.
www.computerworld.com
December 8, 2025 at 7:29 PM
AI browsers including Perplexity Comet and OpenAI’s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner.
www.computerworld.com/article/4102...
www.computerworld.com/article/4102...
We’ve seen this movie before. Rapid adoption without governance leads to risk, complexity, and costly cleanup. AI is no different. Here’s how to set the rules before the tech runs wild.
spr.ly/633247C1sq
#FoundryExpert #RiskManagement #Security
spr.ly/633247C1sq
#FoundryExpert #RiskManagement #Security
December 8, 2025 at 4:28 PM
We’ve seen this movie before. Rapid adoption without governance leads to risk, complexity, and costly cleanup. AI is no different. Here’s how to set the rules before the tech runs wild.
spr.ly/633247C1sq
#FoundryExpert #RiskManagement #Security
spr.ly/633247C1sq
#FoundryExpert #RiskManagement #Security
Your browser is the new battleground. Modern attacks start there—and zero trust is your best defense. Learn how identity checks, device validation, and session lockdowns can stop threats before they spread.
spr.ly/633227CE7E
#BrowserSecurity #EndpointProtection #Security
spr.ly/633227CE7E
#BrowserSecurity #EndpointProtection #Security
December 8, 2025 at 4:18 PM
Your browser is the new battleground. Modern attacks start there—and zero trust is your best defense. Learn how identity checks, device validation, and session lockdowns can stop threats before they spread.
spr.ly/633227CE7E
#BrowserSecurity #EndpointProtection #Security
spr.ly/633227CE7E
#BrowserSecurity #EndpointProtection #Security
"The legislators behind NIS2 have failed to develop uniform and pragmatic security rules for implementation across Europe," says Raphael Reiß, CISO at EU HVAC giant Vaillant Group. www.csoonline.com/article/4101...
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
Raphael Reiß, CISO at EU HVAC giant Vaillant Group, explains what cyber challenges his industry faces, including how to operate in a complex regulatory environment.
www.csoonline.com
December 8, 2025 at 2:11 PM
"The legislators behind NIS2 have failed to develop uniform and pragmatic security rules for implementation across Europe," says Raphael Reiß, CISO at EU HVAC giant Vaillant Group. www.csoonline.com/article/4101...
A growing number of CISOs see are building up offensive capabilities and integrating them into their security processes to ensure the information revealed during offensive exercises leads to improvements in their overall security posture. www.csoonline.com/article/4101...
Offensive security takes center stage in the AI era
A growing percentage of CISOs see OffSec as a must-have for improving their overall security posture — especially as AI cyber threats and threats to AI infrastructure rise.
www.csoonline.com
December 8, 2025 at 2:09 PM
A growing number of CISOs see are building up offensive capabilities and integrating them into their security processes to ensure the information revealed during offensive exercises leads to improvements in their overall security posture. www.csoonline.com/article/4101...