CSO Online

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
CSO Online

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t ...
CSO Online

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to ...
CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today ...
CSO Online

GitHub scales back bug bounties, reminds users security is their responsibility too

The cloud code repository asks security researchers to cut out the AI-generated noise and focus on reporting security ...
CSO Online

Contractor’s public GitHub account exposed GovCloud and CISA credentials

This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect ...
CSO Online

Microsoft May security patch fails for some due to boot partition size glitch

Consultants see the problem eating away at valuable patch resources because of a lack of Microsoft update hygiene ...
CSO Online

‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

Elevation of privilege flaw in Cloud Filter driver reappears, raising concerns over regression vulnerabilities in Windows.
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
CSO Online

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...