CSO US First Look
The day's top cybersecurity news and in-depth coverage
May 22, 2025
Top 12 US cities for cybersecurity job and salary growth
These dozen cities stand out as the most promising destinations for cybersecurity professionals due to their strong job growth, rising salaries, and long-term career potential.
Read more
BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover
Unprivileged users with permission to create objects inside an Active Directory organizational unit can abuse the new Delegated Managed Service Accounts (dMSA) feature to elevate their privilege to domain administrator.
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and respond.
Critical flaw in OpenPGP.js raises alarms for encrypted email services
It could pose a serious risk to services like Proton Mail that use OpenPGP.js for client-side encryption.
Trust becomes an attack vector in the new campaign using trojanized KeePass
The attackâs success hinged on exploiting the assumed safety of open-source tools and the ease of impersonating legitimate software online.
