CSOonline
LightNews LightNews
csoonline.bsky.social
CSOonline
@csoonline.bsky.social
91 followers 22 following 240 posts
CSO empowers enterprise security leaders with critical insights to stay ahead of threats. Covering #cybersecurity from #riskmanagement to #networkdefense, we provide the expertise needed to defend against cybercrime.
Posts Media Videos Starter Packs
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 11h
Is your perimeter having an identity crisis?

Your biggest security risk might now sound exactly like your boss. AI clones identities so well that only zero-trust thinking can keep you safe.

Get the full story by #FoundryExpert Contributor, Chris Novak: spr.ly/633247Eajp

Headshot of a man with a beard wearing glasses, a suit jacket, and a patterned blue tie. He is smiling at the camera.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 17h
North Korea-aligned threat actor BlueNoroff, also known under aliases APT38 and TA444, has resurfaced with two new campaigns dubbed “GhostCall” and “GhostHire,” targeting executives, Web3 developers, and blockchain professionals.

www.csoonline.com/article/4081...
BlueNoroff reemerges with new campaigns for crypto theft and espionage
GhostCall and GhostHire use fake investor meetings and bogus recruiter tests to deliver cross-platform malware to blockchain and Web3 professionals.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 17h
The point at which quantum computers will be capable of breaking existing cryptographic algorithms — known as “Q-Day” — is approaching. Here's a rundown of the latest developments in post-quantum cryptography. www.csoonline.com/article/6548...
Notable post-quantum cryptography initiatives paving the way toward Q-Day
The security community is working toward cryptographic encryption that can withstand post-quantum threats as quantum’s ability to break existing algorithms looms. Here are the latest developments.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 18h
Is your organization ready to add agentic AI to its cybersecurity arsenal? Here are seven top use cases for your consideration.

www.csoonline.com/article/4079...
Top 7 agentic AI use cases for cybersecurity
Agentic AI is revolutionizing the IT world. Yet its greatest benefit may lie in strengthening cybersecurity.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 18h
Researchers at Varonis have discovered a turnkey plug-and-play toolkit, dubbed Atroposia, that even the least experienced threat actor can effectively use for just $200 a month.

www.csoonline.com/article/4080...
Atroposia malware kit lowers the bar for cybercrime — and raises the stakes for enterprise defenders
Researchers have discovered an inexpensive, full-featured malware-as-a-service kit combining vulnerability scanning, covert access, and DNS hijacking.
www.csoonline.com
2
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 1d
Volvo’s data scare shows how fast — and smart — you need to move after a breach, especially when the problem starts with a vendor.

Catch the full write-up by #FoundryExpert Contributor, Justin Tolman: spr.ly/633267Dtse

#Cyberattacks
#DataBreach
#IncidentResponse
A selfie of a man on an airplane, seated next to a window. Outside, the view includes airport tarmac, buildings, and a blue sky. The man has short hair and is wearing a dark-colored shirt.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 1d
Reactive security is dead. The ROC proves the future belongs to those who fuse cyber and finance before the next breach hits.

Catch the full write-up by #FoundryExpert Contributor, Vishaal Hariprasad: spr.ly/633277Dtgt

#Cyberattacks
#Malware
#Ransomware
Close-up of a smiling man with dark hair and a light complexion, wearing a blue suit jacket and a white shirt, standing in front of a reflective glass building.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 1d
As organizations increasingly rely on services providers to help manage critical systems and security operations – from cloud infrastructure and data platforms to managed security and AI services – the risk of exposure also grows.
www.csoonline.com/article/4075...
Do CISOs need to rethink service provider risk?
CISOs are charged with managing a vast ecosystem of MSPs and MSSPs, but are the usual processes fit for purpose as outsourced services become more complex and critical — and will AI force a rethink?
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 1d
Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself.

www.csoonline.com/article/4079...
70% of CISOs say internal conflicts more damaging than cyberattacks
CISO-CEO tension and unclear authority under duress are imperiling incident response. CISOs must establish not only clear response plans but also leadership alliances centered on business value, advis...
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 1d
Days after cybersecurity analysts warned enterprises against installing OpenAI’s new Atlas browser, researchers have discovered a vulnerability that allows attackers to infect systems with malicious code, granting themselves access privileges, or deploy malware. www.csoonline.com/article/4080...
Atlas browser exploit lets attackers hijack ChatGPT memory
OpenAI’s Atlas browser is under scrutiny after researchers demonstrated how attackers can hijack ChatGPT memory and execute malicious code, without leaving traditional malware traces.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 2d
Go beyond data sovereignty promises to proof with five CSO controls: zero-trust, local keys, logs, validation and third-party attestation.

See what #FoundryExpert Contributor Michelle Buckner has to say: spr.ly/6332478dwG

#AccessControl
#Encryption
#ZeroTrust
Close-up of a woman with dark hair and a warm smile. She is wearing a black jacket over a red top. The background is plain white.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 2d
CISOs are dealing with rising risks, competing priorities, limited budgets, and more. Here, they cite the 10 issues that are top of mind today.

www.csoonline.com/article/4077...
The 10 biggest issues CISOs and cyber teams face today
From escalating AI-enabled threats to budgets that don’t scale alongside expanding threat landscapes, security leaders are reshaping their agendas to address several key long-standing and emerging con...
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 5d
Signal’s getting ahead of the quantum curve, adding new layers of encryption to keep your chats safe from tomorrow’s supercomputers.

Get the full story by #FoundryExpert Contributor, Sunil Gentyala: spr.ly/63321AhYfb

#Encryption #Security
A man with dark hair and sunglasses in a gray t-shirt. Behind him is blurred background with water and a cityscape. He's centered, looking directly at the camera with a neutral expression.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 5d
Detection’s not defense — if you can’t act in five minutes, you’re already losing the cyber war.

Get the full story by #FoundryExpert Contributor, Sean Heuer: spr.ly/63325AhYyJ

#CloudSecurity #CyberAttacks
A smiling man with short brown hair stands with arms crossed. He wears a blue polo shirt with "RESOLVE" on it and a smartwatch. A blurred city backdrop is visible.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 6d
As AI increasingly becomes the system of record for company meetings, adversarial techniques for manipulating the algorithm’s takeaways and actions items will sway business decisions and directions in subtle ways.

www.csoonline.com/article/4077...
Manipulating the meeting notetaker: The rise of AI summarization optimization
As AI increasingly becomes the system of record for company meetings, adversarial techniques for manipulating the algorithm’s takeaways and actions items will sway business decisions and directions in...
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 6d
Although one in four security leaders find themselves replaced after a ransomware attack, for example, other CISOs are finding incident-hardened experiences — with transparent and successful outcomes — to be increasingly sought after in the hiring market.

www.csoonline.com/article/4074...
Why must CISOs slay a cyber dragon to earn business respect?
Security leaders and industry experts weigh in on the complex calculus of CISOs’ internal clout.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 6d
Researchers at Edera say they have uncovered a critical boundary-parsing bug, dubbed TARmageddon (CVE-2025-62518), in the popular async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.
www.csoonline.com/article/4077...
Serious vulnerability found in Rust library
Hole in the TAR library and its forks could lead to remote code execution.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 6d
Security researchers warn that MCP-based AI workflows can be vulnerable to malicious prompt injection attacks if session ID management was implemented insecurely on the MCP servers facilitating the connection. www.csoonline.com/article/4077...
Prompt hijacking puts MCP-based AI workflows at risk
An AI version of session hijacking can lead to attackers injecting malicious prompts into legitimate MCP communications.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 7d
Most GenAI pilots flop, but with better security, oversight and smart integration, enterprises can finally turn experiments into real impact.

Get expert perspective from #FoundryExpert Contributor, Virendra Singh Panwar spr.ly/63323A7LEL

#Privacy #APIs
A portrait of a young man with brown hair and a beard, wearing a light colored shirt against a gray background. He has brown eyes and a serious expression.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 7d
Security as a shared responsibility was a theme at Dreamforce, but what the conference didn’t address were weaknesses exposed by the recent spate of Salesforce-related breaches that affected more than 700 companies. www.csoonline.com/article/4076...
Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift
Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party authentication is paramount for the agentic future it seeks.
www.csoonline.com
1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 7d
Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. Here are 12 tools to consider. www.csoonline.com/article/5747...
CAASM and EASM: Top 12 attack surface discovery and management tools
The main goal of cyber asset attack surface management (CAASM) and external attack surface management (EASM) tools is to protect information about a company’s security measures from attackers. Here ar...
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 7d
A month after a self-propagating worm was discovered in the open source NPM code repository, a similar worm has been found targeting Visual Studio Code extensions in open marketplaces.

www.csoonline.com/article/4076...
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 8d
Privacy Sandbox, Google’s attempt to create an alternative to cookies, looks like it has reached the end of the line. The company has announced that it is discontinuing 11 Privacy Sandbox technologies — pretty much the entire gamut.
www.csoonline.com/article/4076...
Google kills its cookie killer
Privacy Sandbox discontinues most of its core technologies.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 8d
As ransomware attacks accelerate in speed and sophistication, 38% of security leaders rank AI-enabled ransomware as their top concern — the most frequently cited worry about AI-related security issues according to CSO’s new 2025 Security Priorities study. www.csoonline.com/article/4075...
AI-enabled ransomware attacks: CISO’s top security concern — with good reason
New surveys from CSO and CrowdStrike reveal growing fears that generative AI is accelerating ransomware attacks while defenders rush to harness the same technology to fight back.
www.csoonline.com
2 1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 8d
Everyone’s worried about AGI, but the real threat’s already here — bots with keys to the kingdom. Until we secure them, creds remain the weak spot.

Don’t miss the full story from #FoundryExpert Contributor, Marc Manzano: spr.ly/63327AAcNt

#Cyberattacks
#Cybercrime
A man with short hair and a beard, wearing a gray hoodie, poses against a gray background. He has light skin, brown eyes, and ear piercings.