CSO US First Look
The day's top cybersecurity news and in-depth coverage
June 19, 2025
Third-party risk management is broken â but not beyond repair
TPRM today prioritizes fear of penalty over pursuit of real security. By investing in a comprehensive, targeted approach, organizations can reclaim TPRM as an essential part of their security strategies.
Read more
Critical flaw in AI agent dev tool Langflow under active exploitation
The vulnerability allows unauthenticated users to execute arbitrary Python code on servers through an unprotected API endpoint.
WormGPT returns: New malicious AI variants built on Grok and Mixtral uncovered
Cybercriminals are hijacking mainstream LLM APIs like Grok and Mixtral with jailbreak prompts to relaunch WormGPT as potent phishing and malware tools.
GitHub Actions attack renders even security-aware orgs vulnerable
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk found out.
