CSOonline
csoonline.bsky.social
CSO empowers enterprise security leaders with critical insights to stay ahead of threats. Covering #cybersecurity from #riskmanagement to #networkdefense, we provide the expertise needed to defend against cybercrime.
What’s on the modern CISO’s bucket list? Hint: It’s not more firefighting. Discover how leaders are reclaiming time, leveraging AI, and driving human-led transformation.

spr.ly/63321CTnnb

#FoundryExpert #CISO #Cybersecurity
The innovative CISO's bucket list: Human-led transformation at the core
Today’s CISOs want less firefighting and more impact, using AI to clear busywork, unite teams and refocus security on people and business value.
spr.ly
December 19, 2025 at 11:12 PM
WatchGuard has issued an urgent patch alert for its Firebox firewall appliances after discovering a critical-rated vulnerability that is under exploit by threat actors.

www.csoonline.com/article/4109...
WatchGuard fixes ‘critical’ zero-day allowing firewall takeover
“Threat actors are actively attempting to exploit this vulnerability in the wild,” warns vendor.
www.csoonline.com
December 19, 2025 at 6:43 PM
A maximum severity remote code execution vulnerability in the HPE OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert.
www.csoonline.com/article/4109...
HPE OneView vulnerable to remote code execution attack
An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.
www.csoonline.com
December 19, 2025 at 6:25 PM
A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user’s conversations in real time by manipulating the app’s device pairing or linking routine.

www.csoonline.com/article/4108...
WhatsApp accounts targeted in ‘GhostPairing’ attack
A new attack abusing a legitimate device pairing feature of the app could be used to penetrate employee WhatsApp Groups.
www.csoonline.com
December 18, 2025 at 7:37 PM
Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run malicious code, new research from Checkmarx shows.

www.csoonline.com/article/4108...
Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits
Checkmarx research shows how “Lies-in-the-Loop” (LITL) can forge approval dialogs, tricking users into greenlighting malicious code.
www.csoonline.com
December 18, 2025 at 7:36 PM
Smaller firms are far less likely than multinationals to protect their CISOs from personal liability for security breaches, according to a study by RSAC.

www.csoonline.com/article/4107...
D&O liability protection rising for security leaders — unless you’re a midtier CISO
Smaller firms are less likely to protect CISOs from personal liability for security breaches, ‘which can deter highly qualified professionals from accepting these roles,’ lawyer tells CSO.
www.csoonline.com
December 18, 2025 at 7:35 PM
Cisco has warned that a China-linked hacking group is actively exploiting a previously unknown vulnerability in its Secure Email appliances to gain persistent access.
www.csoonline.com/article/4108...
Cisco confirms zero-day exploitation of Secure Email products
The unpatched flaw affects AsyncOS-based Secure Email appliances, with Cisco investigating scope and urging rebuilds in confirmed compromise cases.
www.csoonline.com
December 18, 2025 at 7:35 PM
AI can transform cybersecurity—but without guardrails, it can mislead fast. Governance, human oversight, and smart frameworks aren’t optional; they’re essential. Here’s what every leader needs to know about managing AI risk.

spr.ly/63323CMbpJ
#FoundryExpert #AIinCybersecurity
December 16, 2025 at 8:35 PM
When software fails, the ripple effect can be massive—like grounding 6,000 jets. This isn’t just an aviation story; it’s a wake-up call for software assurance and cybersecurity. Learn what went wrong and why it matters.

spr.ly/63328CMZxi
#FoundryExpert #CyberResilience
December 16, 2025 at 8:19 PM
Security researchers have found that Urban VPN Proxy, a widely used free browser VPN extension with millions of installs, has been collecting and exporting full AI chat conversations from users’ browsers. www.csoonline.com/article/4106...
‘Featured’ Urban VPN caught stealing private AI chats
The browser extension injects scripts to capture AI prompts and responses even when the VPN features are disabled.
www.csoonline.com
December 16, 2025 at 3:00 PM
AI is rewriting the CISO playbook. The leaders who win won’t just automate—they’ll master power skills like data storytelling, ethics, and influence. Here’s what separates oversight from insight in the AI era.

spr.ly/63329CKr83
#FoundryExpert #CISOLeadership #AIinSecurity
December 15, 2025 at 8:59 PM
One hacked port could disrupt America’s orange juice supply. If malware is already lurking in our docks, what else is at risk? Discover why one ship exposes a maritime cybersecurity crisis.

spr.ly/63320CKuAC
#FoundryExpert #CyberSecurity #SupplyChainRisk
December 15, 2025 at 8:48 PM
As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2025. www.csoonline.com/article/4102...
Cybersecurity leaders’ top seven takeaways from 2025
The year was marked by the acceleration of AI adoption by both defenders and attackers, greater third-party risks, and intensified governance pressure.
www.csoonline.com
December 15, 2025 at 2:43 PM
CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately.

www.csoonline.com/article/4106...
CISA orders immediate patching as GeoServer flaw faces active exploitation
Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.
www.csoonline.com
December 15, 2025 at 2:40 PM
Cybersecurity isn’t underfunded—it’s undermanaged. In this Foundry Expert Contributor article, discover why CISOs need a new leadership narrative to drive smarter security strategies at the top.

Read here: spr.ly/63324CDHZ8
#FoundryExpert #CyberSecurity #CISOLeadership
December 11, 2025 at 10:42 PM
Researchers uncovered an unexpected behavior of HTTP client proxies when created in .NET code, potentially allowing attackers to write malicious code to arbitrary files. Microsoft does not plan to fix this issue in the .NET Framework. www.csoonline.com/article/4104...
Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to g...
www.csoonline.com
December 11, 2025 at 6:15 PM
Ivanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices.

www.csoonline.com/article/4104...
Hundreds of Ivanti EPM systems exposed online as critical flaw patched
Unauthenticated attackers can hijack admin sessions at companies managing enterprise endpoints
www.csoonline.com
December 11, 2025 at 6:13 PM
Adversaries aren’t just hacking—they’re hustling. These breach case studies reveal motives, missteps, and methods that matter for your defense. Learn why understanding attacker intent is now mission-critical.

spr.ly/63323CBYjt

#FoundryExpert #InfoSecLeadership #CyberRisk
December 11, 2025 at 12:18 AM
Staff+ security engineers can transform enterprise security—if they scale their impact. Learn how to lead strategically and multiply outcomes without adding workload.

spr.ly/63320CBgNk

#FoundryExpert #CyberLeadership #SecurityStrategy
December 10, 2025 at 11:08 PM
Quantum + AI = power and risk. As Q-Day looms, CISOs must brace for a new era of cybersecurity challenges. Here’s what’s coming.

spr.ly/63321CBgYS

#FoundryExpert #Cybersecurity #QuantumComputing
December 10, 2025 at 11:02 PM
Yes, attackers are experimenting with LLMs. Yes, AI can aid malware development or produce superficial polymorphism. But the narrative that AI automatically produces sophisticated malware or fundamentally breaks defenses is misleading. www.csoonline.com/article/4101...
Polymorphic AI malware exists — but it’s not what you think
Understanding AI malware and how to separate real operational risk from vendor hype.
www.csoonline.com
December 10, 2025 at 1:33 PM
Although cybersecurity is referenced hundreds of times across the NDAA, the legislation contains provisions that, once the law becomes effective, will mark significant shifts in how the US military manages major cybersecurity tasks. www.csoonline.com/article/4103...
Key cybersecurity takeaways from the 2026 NDAA
A 4.1% increase in military cyber funding in the FY2026 NDAA budget underpins new requirements for hardened mobile devices, AI security frameworks, and expanded DoD cyber workforce authorities.
www.csoonline.com
December 10, 2025 at 1:33 PM
Think your failover plan is bulletproof? Think again. Outages hit harder than ever, and redundancy myths won’t save you. Learn how smart policies, automation, and testing keep traffic flowing when chaos strikes.

spr.ly/633247hNue

#FoundryExpert #CyberResilience #ITSecurity
December 9, 2025 at 10:41 PM