angry face emoji on mobile phone

Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab

The Operation Triangulation surveillance campaign infects Apple iPhones without the need for user action and is difficult to detect.

green tree python

Attackers use Python compiled bytecode to evade detection

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software.

A broken link in a digital chaing / weakness / vulnerability

MOVEit Transfer vulnerability appears to be exploited widely

A SQL injection vulnerability has been found in the MOVEit Transfer web application, allowing an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.


shutterstock deal merger acquisition

Top cybersecurity M&A deals for 2023

Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A...

A man and woman sit on opposite sides of an office desk, in discussion.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Time-lapse photography of busy pedestrian traffic on a city street.

ISACA pledges to help grow cybersecurity workforce in Europe

ISACA will provide 20,000 free memberships to students across Europe and support the identification of qualified cybersecurity candidates for organizations.

data scientist analytics cybersecurity

BigID wants to let you tweak your data classifications manually

Sailing the seas of enterprise data may get easier, with BigID’s latest release. The company hopes to make discovery simpler by letting individual users tune its automated discovery engine to their own needs.

hacker handcuffs laptop cybercrime cyber crime arrested

What is the Cybercrime Atlas? How it can help disrupt cybercrime

The Cybercrime Atlas aims to map the cybercriminal ecosystem worldwide and allow global law enforcement agencies to access that information when fighting cybercrime.

05 malware

Gigabyte firmware component can be abused as a backdoor

Attackers can abuse the UEFI firmware to inject executable malware code into the Windows kernel, compromising systems.


Inactive, unmaintained Salesforce sites vulnerable to threat actors

Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors.



Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Trellix expands XDR support for Amazon Security Lake while Netskope integrates its SSE platform with AWS’ centralized security data service.


Barracuda patches zero-day vulnerability exploited since October

The vulnerability stemmed from incomplete input validation of user-supplied .tar files.

InfoSec4TC Platinum Membership: Cyber Security Training Lifetime Access

What is federated Identity? How it works and its importance to enterprise security

Federated identity can be hugely beneficial for creating a solid user experience and better security, but it can be more costly and complex to implement.

fishing phishing survival competition different point of view

Phishing remained the top identity abuser in 2022: IDSA report

The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type.

major cyber attack global international cybersecurity

AI-automated malware campaigns coming soon, says Mikko Hyppönen

The industry pioneer also expects cybersecurity to remain a growth business for years and sees Russian hacktivists as demoralizing European infosec teams.