CSO Online

What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan

Perfect zero trust doesn't fit tough OT environments, so use a practical action plan to secure the entry points and keep ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
CSO Online

Proposed US law would make AI risk reporting a legal obligation

The bill seeks to close oversight gaps by forcing developers to disclose dangerous model behavior and security threats.
CSO Online

Cyberattacks pose a ‘threat to life’ in Australia

It’s impossible to exaggerate the danger that the country is facing from cyberattacks on its infrastructure, he said, ...
CSO Online

GDPR at 10: Landmark data protections, increasing business burden

While the enforcement of the GDPR is becoming significantly stricter in Europe, Europe’s data protection rules are facing ...
CSO Online

Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative

New executive orders direct agencies to accelerate quantum-resistant encryption efforts and lay the groundwork for contractor ...
CSO Online

Rethinking the balance between AI oversight and innovation

CIOs face mounting pressure to support AI adoption across at speed — but at what risk? IT leaders shed light on how they’re ...
CSO OnlineOpinion

GRC is broken. FedRAMP 20x might fix it

The team behind FedRAMP 20x are attempting to address exactly that problem, pushing assurance towards automation, ...
CSO Online

Change your cyber risk strategy to meet AI threats, Five Eyes countries warn CSOs

The urgency is clear,’ says the statement from cyber security agencies, but some experts say the advice is too general and ...
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
CSO Online

How a malicious AI agent skill passed security checks and reached 26,000 users

AIR says static scanning failed to detect a skill that redirected to a controlled domain and later altered its payload.
CSO Online

Attackers exploit Cisco Unified CM flaw weeks after patch release

New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access ...