CSO Online

CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory

The guidance gives CISOs a way to press vendors on AI transparency, but analysts say the hard part will be proving that ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Hosted on MSN

CISA flags critical Linux flaw as ESPHome boosts local smart homes

CISA's addition of the 'Copy Fail' vulnerability to its KEV list signals urgent concern for federal systems and beyond. The flaw, affecting most Linux distributions released since 2017, can be ...
The Hacker News

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities ...
The Hacker News

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong.
The Verge

Anthropic’s Mythos rollout has missed America’s cybersecurity agency

CISA, embattled under the Trump administration, reportedly hasn’t gotten Anthropic’s powerful AI. CISA, embattled under the Trump administration, reportedly hasn’t gotten Anthropic’s powerful AI. is a ...
Wired

The US Government Will Ask Data Centers How Much Power They Use

The US federal government’s central energy information agency is planning to implement a mandatory nationwide survey of data centers focused on their energy use, according to a letter seen by WIRED.