资讯

CSO Online4 天
June Patch Tuesday advice for CSOs: Defense-in-depth needed to stop RCEs
CVE-2025-47172 , a remote code execution vulnerability in Microsoft SharePoint Server. With a CVSS score of 8.8, he said this ...
CSO Online2 天
Fog ransomware gang abuses employee monitoring tool in unusual multi-stage attack
While Symantec couldn’t identify the initial infection vector used in the attack, Fog ransomware actors have used critical ...
CSO Online3 天
Smaller organizations nearing cybersecurity breaking point
Strained budgets, overstretched teams, and a rise in sophisticated threats is leading to plummeting security confidence among ...
CSO Online2 天
‘Dangerous’ vulnerability in GitLab Ultimate Enterprise Edition
A new vulnerability in GitLab’s Ultimate Enterprise Edition used for managing source code is “dangerous” and needs to be ...
CSO Online3 天
Phishing sites posing as DeepSeek downloads drop a proxy backdoor
BrowserVenom is a malicious implant that reroutes and manipulates web traffic to collect sensitive browsing data.
CSO Online3 天
Major infostealer network taken down in Interpol raid
Interpol, together with 26 countries and several cybersecurity companies, has carried out a major international operation ...
CSO Online3 天
CSO Awards 2025 showcase world-class security strategies
Winners will be recognized in-person at the CSO Conference + Awards at the Grand Hyatt Indian Wells Resort & Villas, Indian ...
CSO Online5 天
New npm threats can erase production systems with a single request
The packages carry backdoors that first collect environment information and then delete entire application directories.
CSO Online4 天
Forgotten patches: The silent killer
Blame often falls on individuals when systems go unpatched. But more often, it reflects a process failure. A silent patch ...
CSO Online5 天
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
An OpenAI report details a variety of techniques that the model maker is deploying against various attack methods, especially ...
CSO Online6 天
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Chrome extensions were spotted leaking sensitive browser data like API keys, secrets, and tokens via unguarded HTTP ...
CSO Online3 天
FIN6 exploits HR workflows to breach corporate defenses
FIN6’s latest campaign combines professional rapport-building with cloud-hosted malware delivery to target sensitive HR ...