CSOonline
csoonline.bsky.social
CSO empowers enterprise security leaders with critical insights to stay ahead of threats. Covering #cybersecurity from #riskmanagement to #networkdefense, we provide the expertise needed to defend against cybercrime.
Cybersecurity isn’t underfunded—it’s undermanaged. In this Foundry Expert Contributor article, discover why CISOs need a new leadership narrative to drive smarter security strategies at the top.

Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
December 11, 2025 at 10:42 PM
Researchers uncovered an unexpected behavior of HTTP client proxies when created in .NET code, potentially allowing attackers to write malicious code to arbitrary files. Microsoft does not plan to fix this issue in the .NET Framework. www.csoonline.com/article/4104...
Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to g...
www.csoonline.com
December 11, 2025 at 6:15 PM
Ivanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices.

www.csoonline.com/article/4104...
Hundreds of Ivanti EPM systems exposed online as critical flaw patched
Unauthenticated attackers can hijack admin sessions at companies managing enterprise endpoints
www.csoonline.com
December 11, 2025 at 6:13 PM
Adversaries aren’t just hacking—they’re hustling. These breach case studies reveal motives, missteps, and methods that matter for your defense. Learn why understanding attacker intent is now mission-critical.

spr.ly/63323CBYjt

#FoundryExpert #InfoSecLeadership #CyberRisk
December 11, 2025 at 12:18 AM
Staff+ security engineers can transform enterprise security—if they scale their impact. Learn how to lead strategically and multiply outcomes without adding workload.

spr.ly/63320CBgNk

#FoundryExpert #CyberLeadership #SecurityStrategy
December 10, 2025 at 11:08 PM
Quantum + AI = power and risk. As Q-Day looms, CISOs must brace for a new era of cybersecurity challenges. Here’s what’s coming.

spr.ly/63321CBgYS

#FoundryExpert #Cybersecurity #QuantumComputing
December 10, 2025 at 11:02 PM
Yes, attackers are experimenting with LLMs. Yes, AI can aid malware development or produce superficial polymorphism. But the narrative that AI automatically produces sophisticated malware or fundamentally breaks defenses is misleading. www.csoonline.com/article/4101...
Polymorphic AI malware exists — but it’s not what you think
Understanding AI malware and how to separate real operational risk from vendor hype.
www.csoonline.com
December 10, 2025 at 1:33 PM
Although cybersecurity is referenced hundreds of times across the NDAA, the legislation contains provisions that, once the law becomes effective, will mark significant shifts in how the US military manages major cybersecurity tasks. www.csoonline.com/article/4103...
Key cybersecurity takeaways from the 2026 NDAA
A 4.1% increase in military cyber funding in the FY2026 NDAA budget underpins new requirements for hardened mobile devices, AI security frameworks, and expanded DoD cyber workforce authorities.
www.csoonline.com
December 10, 2025 at 1:33 PM
Think your failover plan is bulletproof? Think again. Outages hit harder than ever, and redundancy myths won’t save you. Learn how smart policies, automation, and testing keep traffic flowing when chaos strikes.

spr.ly/633247hNue

#FoundryExpert #CyberResilience #ITSecurity
December 9, 2025 at 10:41 PM
Cheaper security feels good—until a breach wipes out the savings. Learn why resilience must be baked into procurement decisions, not treated as an afterthought.

spr.ly/633277CepX

#FoundryExpert #Security #Budgeting
December 8, 2025 at 10:55 PM
A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers have warned.

www.csoonline.com/article/4102...
Apache Tika hit by critical vulnerability thought to be patched months ago
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
www.csoonline.com
December 8, 2025 at 10:55 PM
Reposted by CSOonline
AI browsers including Perplexity Comet and OpenAI’s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner.

www.computerworld.com/article/4102...
Keep AI browsers out of your enterprise, warns Gartner
They’re already in use but may lead to “irreversible and untraceable” data loss, analysts said.
www.computerworld.com
December 8, 2025 at 7:29 PM
We’ve seen this movie before. Rapid adoption without governance leads to risk, complexity, and costly cleanup. AI is no different. Here’s how to set the rules before the tech runs wild.

spr.ly/633247C1sq

#FoundryExpert #RiskManagement #Security

December 8, 2025 at 4:28 PM
Your browser is the new battleground. Modern attacks start there—and zero trust is your best defense. Learn how identity checks, device validation, and session lockdowns can stop threats before they spread.

spr.ly/633227CE7E

#BrowserSecurity #EndpointProtection #Security

December 8, 2025 at 4:18 PM
"The legislators behind NIS2 have failed to develop uniform and pragmatic security rules for implementation across Europe," says Raphael Reiß, CISO at EU HVAC giant Vaillant Group. www.csoonline.com/article/4101...
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
Raphael Reiß, CISO at EU HVAC giant Vaillant Group, explains what cyber challenges his industry faces, including how to operate in a complex regulatory environment.
www.csoonline.com
December 8, 2025 at 2:11 PM
A growing number of CISOs are building up offensive capabilities and integrating them into their security processes to ensure the information revealed during offensive exercises leads to improvements in their overall security posture. www.csoonline.com/article/4101...
Offensive security takes center stage in the AI era
A growing percentage of CISOs see OffSec as a must-have for improving their overall security posture — especially as AI cyber threats and threats to AI infrastructure rise.
www.csoonline.com
December 8, 2025 at 2:09 PM
Chinese state-sponsored threat actors are backdooring VMware vCenter and VMware ESXi servers with a malware program written in Go, allowing them to maintain long-term persistence in victim networks. www.csoonline.com/article/4101...
Chinese cyberspies target VMware vSphere for long-term persistence
CISA and the NSA warn that Chinese state-sponsored attackers are deploying malware dubbed BRICKSTORM on VMware servers to perform lateral movement inside victim networks.
www.csoonline.com
December 8, 2025 at 2:04 PM
Researchers at GreyNoise said they are seeing “opportunistic, largely automated exploitation attempts” trying to take advantage of the unsafe deserialization vulnerability in React Server Components (RSC). www.csoonline.com/article/4101...
Warning: React2Shell vulnerability already being exploited by threat actors
It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.
www.csoonline.com
December 8, 2025 at 2:03 PM
A prolonged lack of management of valid authentication keys for signed access tokens issued to authenticators is believed to be the root cause of over 30 million accounts being exposed externally by ecommerce giant Coupang. www.csoonline.com/article/4101...
Coupang breach of 33.7 million accounts allegedly involved engineer insider
South Korea’s worst data breach in over a decade raises concerns about poor authentication key management and a potential insider threat.
www.csoonline.com
December 5, 2025 at 1:57 PM
Johannes Ullrich, dean of research at the SANS Institute, says his organization’s honeypots last month detected a curious amount of traffic with server requests that include CDN-related headers. www.csoonline.com/article/4101...
Suspicious traffic could be testing CDN evasion, says expert
SANS Institute honeypots recently captured curious requests with CDN-related headers.
www.csoonline.com
December 5, 2025 at 1:55 PM
The zero trust approach to cybersecurity access control is more than 15 years old, but organizations continue to struggle with its implementation due in large part to fragmented tooling and legacy infrastructure.

www.csoonline.com/article/4101...
15 years in, zero trust remains elusive — with AI rising to complicate the challenge
Technology rethink urged as enterprises still struggle to achieve the full benefits of zero trust access control.
www.csoonline.com
December 5, 2025 at 1:52 PM
Feeds tell you what’s out there. Flows tell you what’s coming for you. ULM transforms threat intelligence from static lists into actionable insight. Here’s how CISOs can operationalize intel for real defense:

spr.ly/6332474OHq

#FoundryExpert

December 4, 2025 at 11:02 PM
A longstanding problem with the way Windows handles LNK shortcut files, which attackers have been abusing for years to hide malicious commands in plain sight, may finally have been fixed, with more than one patch now available to users.

www.csoonline.com/article/4101...
Windows shortcuts’ use as a vector for malware may be cut short
A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while Microsoft prefers to tell the whole story.
www.csoonline.com
December 4, 2025 at 3:59 PM
Reposted by CSOonline
Developers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by an attacker to remotely run their own code. www.infoworld.com/article/4100...
Developers urged to immediately upgrade React, Next.js
Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.
www.infoworld.com
December 4, 2025 at 3:39 PM