CSO US First Look
The day's top cybersecurity news and in-depth coverage
May 09, 2025
CVE funding crisis offers chance for vulnerability remediation rethink
Rising tide of vulnerabilities requires fresh approaches to risk mitigation. A sound security foundation, broad asset oversight, and threat intelligence supported by context can help.
Read more
The 8 security metrics that matter most
When it comes to assessing cybersecurity performance, the truth can be found in the numbers. Here are the essential KPIs to measure, monitor, and improve to ensure highly effective cyber operations.
Windows flaw exploited as zero-day by more groups than previously thought
Researchers found evidence that the CVE-2025-29824 privilege escalation flaw patched by Microsoft in April was known and used by the Play ransomware gang in addition to a group that Microsoft tracked as Storm-2460.
India-Pakistan conflict underscores your C-suiteâs need to prepare for war
Despite escalating geopolitical conflicts, most companies have not formalized up-to-date plans on how to navigate complex scenarios that could have dire impacts on their operations and business.
Security update causes new problem for Windows Hello for Business authentication
Second authentication glitch in a month affects a subset of Windows Hello for Business users.
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node Package Manager registry instead of the original source.
