22+ hour, 38+ min ago  (569+ words) Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with…...

23+ hour, 7+ min ago  (788+ words) Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026." A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity…...

1+ day, 13+ hour ago  (430+ words) Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor's XML configuration files, with both flaws rated High at CVSS 7. 8. The flaws, tracked as CVE-2026-48778 and CVE…...

1+ day, 14+ hour ago  (28+ words) Analyzing SEC 10-K filings reveals that while CISOs handle cybersecurity under the CIO, companies rely on the NIST framework to address growing AI and supply chain risks....

1+ day, 14+ hour ago  (561+ words) Ransomware operators have spent years refining the art of locking files. Now, some are working harder to get those lockers to every reachable system first. "Modern ransomware is no longer just about encrypting files," said Paul Reid, vice president of…...

1+ day, 16+ hour ago  (898+ words) Big tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broadly argue that big…...

1+ day, 21+ hour ago  (692+ words) Open source code is everywhere in the enterprise; it's estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be…...

2+ day, 10+ hour ago  (558+ words) Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The Glass Worm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new…...

2+ day, 10+ hour ago  (436+ words) Exploitation timelines are reducing significantly," the agency warned in the advisory, adding that attacks are expected to become increasingly autonomous." Security analysts said the headline 12-hour expectation is likely to force enterprises to rethink traditional weekly or monthly patching cycles,…...

2+ day, 12+ hour ago  (1183+ words) CIOs rushing to roll out AI agents without real visibility into their decision-making processes are flirting with disaster. According to AI experts, deploying agents without observability processes and tools creates a ticking time bomb with the potential for huge negative…...