Microsoft Patch Tuesday, December 2025 Edition

• Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. • This final Patch Tuesday of 2025 tackles one zero-day

Cybersecurity · December 9, 2025 (updated February 19, 2026) · 2 min · 241 words

Drones to Diplomas: How Russia's Largest Private University is Linked to a $25M Essay Mill

• A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian u

Cybersecurity · December 6, 2025 (updated February 24, 2026) · 2 min · 403 words

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

• Actions for Operational Technology Owners and Operators to Take Today to Mitiga

Cybersecurity · December 5, 2025 (updated February 24, 2026) · 2 min · 273 words

SMS Phishers Pivot to Points, Taxes, Fake Retailers

• China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday s

Cybersecurity · December 4, 2025 (updated February 24, 2026) · 2 min · 383 words

A NICE Retrospective on Shaping Cybersecurity's Future

• a NIST blog Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on

Beware of double agents: How AI can fortify - or fracture - your cybersecurity


• AI is rapidly becoming the backbone of our world, promising unprecedented productivity and innovation. • But as organizations deploy AI agents to unlock new opportunities and dri

Big Tech · November 5, 2025 (updated February 24, 2026) · 2 min · 237 words

Preparing for Threats to Come: Cybersecurity Forecast 2026

• Visibility and context on the threats that matter most. • Every November, we make it our missi

Threat Intelligence · November 4, 2025 (updated February 24, 2026) · 2 min · 218 words

Space is the new cybersecurity frontier: Here are the startups leading the race

• Space infrastructure is evolving from exclusive government and military operations into critical commercial applications - including navigation systems, satellite internet, and geos

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers


• a NIST blog Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. • Over the past few months, NIST

CISA Shares Lessons Learned from an Incident Response Engagement

• Advisory at a Glance, Executive Summary: CISA began incident response efforts at a U.S. federal civilian execut

Cybersecurity · September 22, 2025 (updated February 24, 2026) · 2 min · 285 words

NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States


Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

• Executive summary: People’s Republic of China (PRC) state-sponsored cybe

Cybersecurity · August 25, 2025 (updated February 24, 2026) · 2 min · 260 words

Powering AI-Driven Security with the Open Cybersecurity Schema Framework

• AWS Open Source Blog: As organizations continue to innovate and scale their operations, security teams fac

CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization

• Summary: The Cybersecurity and Infrast

Cybersecurity · July 29, 2025 (updated February 24, 2026) · 1 min · 206 words

#StopRansomware: Interlock

• Actions for Organizations to Take Today to Mitigate Cyber Threats Related to Interlock Ransomware Activity: Prevent initial access by implementing domai

Cybersecurity · July 21, 2025 (updated February 24, 2026) · 2 min · 239 words

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

• Ransomware actors target unpatched SimpleHelp RMM to breach utility billing software provider customers. • Vulnerability CVE-2024-57727, a path traversal flaw, exploited in Simpl

Cybersecurity · June 12, 2025 (updated February 24, 2026) · 1 min · 160 words

The Impact of Artificial Intelligence on the Cybersecurity Workforce

• NICE Framework updated in 2020 to integrate emerging tech, especially AI, into cybersecurity workforce planning. • Stakeholder dialogues span federal agencies, industry, academia

Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines


• NIST held Cybersecurity & AI Profile Workshop to gather feedback on CSF and AI RMF profiles. • Profiles aim to guide adoption of AI in cybersecurity and defend against AI-enabled

Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

• FBI & CISA issue joint advisory on LummaC2 infostealer targeting critical infrastructure. • Malware infiltrates networks, exfiltrates sensitive data via spearphishing links and a

Cybersecurity · May 20, 2025 (updated February 24, 2026) · 1 min · 150 words

Impact of AI on cyber threat from now to 2027

• AI is accelerating threat sophistication, enabling attackers to craft more convincing phishing campaigns. • Machine‑learning models are used to generate polymorphic malware that

Five Years Later: Evolving IoT Cybersecurity Guidelines


• NIST’s 2020 IoT Cybersecurity Improvement Act mandated five‑year guideline reviews. • IR 8259 set foundational cybersecurity activities for IoT manufacturers. • IR 8259A/B expand

Russian GRU Targeting Western Logistics Entities and Technology Companies

• Russian GRU’s 85th GTsSS unit 26165 targets Western logistics and tech firms. • Campaign focuses on coordination, transport, delivery of foreign aid to Ukraine. • Uses known TTPs

Cybersecurity · May 12, 2025 (updated February 24, 2026) · 1 min · 155 words

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week

• NIST celebrates National Small Business Week, spotlighting SMBs’ vital role in U.S. economy and cybersecurity. • 34.8 million SMBs, 99% of U.S. businesses, 81.7% having no paid e

Journey to Zero Trust Access

• Yelp transitioned to fully remote, requiring secure, consistent access for a globally distributed workforce. • Existing VPN (Ivanti Pulse Secure) was unreliable, prompting a sear

Engineering Blogs · April 15, 2025 (updated February 24, 2026) · 1 min · 189 words

Fast Flux: A National Security Threat

• Fast flux hides malicious server locations by rapidly changing DNS records. • Enables cybercriminals and nation-state actors to evade detection and maintain C2. • Resilient, high

Cybersecurity · April 1, 2025 (updated February 24, 2026) · 1 min · 156 words

Vendor Security Assessment

• Identify vendor security posture through comprehensive risk assessment. • Evaluate compliance with industry standards and regulatory requirements. • Assess data protection, acces

Threat report on application stores


• Malware increasingly hides in legitimate app store listings, exploiting user trust for widespread infection. • Supply‑chain attacks target third‑party libraries, enabling attacke

The threat from commercial cyber proliferation


• Commercial software proliferation expands attack surface, increasing vulnerability exposure across enterprises. • Open-source components in commercial stacks introduce hidden bac

The near-term impact of AI on the cyber threat


• AI accelerates threat detection, enabling faster identification of malicious activity. • Adversarial AI allows attackers to craft evasive malware that bypasses traditional defens

The cyber threat to Universities


• Universities face rising ransomware attacks targeting research data and student records. • Phishing campaigns exploit faculty credentials to gain network access. • Supply‑chain v

The Cyber Threat to UK Business


• Ransomware remains the top threat, targeting critical UK business data. • Phishing campaigns exploit remote working, increasing credential theft. • Supply‑chain attacks grow, com

The cyber threat to sports organisations


• Sports organisations increasingly targeted by ransomware, phishing, and credential‑stealing attacks. • High‑profile events like the Olympics and World Cup attract sophisticated t

Summary of the NCSC analysis of May 2020 US sanction


• US sanctions in May 2020 targeted Russian cyber actors and infrastructure. • NCSC identified increased threat actor activity following sanction announcements. • Sanctions disrupt

Summary of NCSC's security analysis for the UK telecoms sector


• UK telecoms face rising cyber threats, including ransomware targeting network infrastructure. • NCSC highlights supply chain risks from overseas vendors in 5G equipment. • Vulner

Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking


• BGP is critical for inter-ISP routing, requiring strict policy enforcement to prevent leaks and hijacks. • Implement prefix filtering and route origin validation to ensure only l

Organisational use of Enterprise Connected Devices


• Enterprise connected devices expand attack surface, enabling lateral movement across corporate networks. • Insider threats amplified as employees use personal devices for work, b

Joint report on publicly available hacking tools


• Joint report reveals surge in publicly available hacking toolkits targeting critical infrastructure. • Analysts highlight increased ease of access via dark web marketplaces and o

Incident trends report (October 2018 - April 2019)


• Over 1,200 cyber incidents reported across 30 countries, highlighting rising ransomware activity. • Ransomware attacks surged 35%, with CryptoLocker variants targeting healthcare

Decrypting diversity: Diversity and inclusion in cyber security report 2021


• Cybersecurity workforce remains 70% male, with women under 20% in technical roles. • Minority representation below 15%, limiting diverse threat perspective. • 2021 report links d

#StopRansomware: Medusa Ransomware

• Patch OS, software, firmware promptly to close known vulnerabilities across all systems. • Segment networks to limit lateral movement from infected devices and protect critical a

Cybersecurity · March 11, 2025 (updated February 24, 2026) · 1 min · 173 words

Celebrating 1 Year of CSF 2.0

• One year since NIST released Cybersecurity Framework 2.0, boosting enterprise security readiness. • New 2025 resources offer tailored pathways for diverse audiences to implement

NIST's International Cybersecurity and Privacy Engagement Update - New Translations


• NIST released 10+ new cybersecurity translations across six languages for global stakeholders. • International partners engaged through travel, sharing key NIST projects worldwid

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!


• NIST’s 2020 IR 8259 outlines foundational cybersecurity activities for IoT device manufacturers. • The guide has 40,000+ downloads and is available in English, Spanish, and Portu

Unlocking Cybersecurity Talent: The Power of Apprenticeships


• Cybersecurity demand surges, yet no standardized entry path for professionals. • Registered apprenticeships offer paid, on‑the‑job training with real‑world experience. • Apprenti

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem


• Verifiable digital credentials turn physical IDs into cryptographically verifiable digital tokens stored on smartphones. • Common buzzwords include ‘digital wallet,’ ‘mobile driv

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024


• NIST launches Staff Stories Spotlight series during Cybersecurity Awareness Month to highlight diverse staff backgrounds. • Theme ‘Secure our World’ emphasizes global collaborati

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024


• NIST launches Staff Stories Spotlight series for Cybersecurity Awareness Month, featuring Q&A with staff. • Theme ‘Secure our World’ underscores collective duty to protect digita

Integrate Elastic AI Assistant for Security via API to advance SOC workflows


• Elastic AI Assistant for Security now offers chat and management APIs in Elastic Security 8.15. • APIs enable automated threat identification and data enrichment directly within

Building a next-gen SOC at Pinewood, a leading MSSP, underpinned by Elastic SIEM


• Pinewood, a leading MSSP, deployed Elastic SIEM to centralize threat detection across finance, healthcare, retail, and government clients. • The platform aggregates logs, network

What you need to know about Process Ghosting, a new executable image tampering attack


• Process Ghosting exploits the delay between process creation and thread notification, enabling pre‑scan tampering. • Attack writes malware to disk, deletes it, yet execution cont