Tag: government
-
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
A state of perpetual interference: To understand how proxy insurgent groups such as Handala fit within Iran’s modern-day intelligence ecosystem, we first need to look at the historical development of the country’s intelligence operations.In 1953, the United States and Britain (via conduit operations of the CIA and MI6, respectively) instigated a coup in Iran that…
-
SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
SideWinder is running an active credential”‘harvesting campaign that uses a fake Chrome PDF viewer and a pixel”‘perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. The campaign came to light after a Cloudflare Workers URL was spotted harvesting credentials…
-
Cyberattack at French identity document agency may have exposed personal data
A cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said. First seen on therecord.media Jump to article: therecord.media/france-cyberattack-agency-passports
-
Simplifying CMMC Compliance and Breaking Down Its Controls
Those seeking contracts with government agencies must meet many requirements and guidelines regarding cybersecurity. Each entity has its own, including the Department of Defense (DoD). Introduced in 2024 and being implemented in phases, Cybersecurity Maturity Model Certification 2.0 (CMMC) sets new rules around protecting controlled unclassified information (CUI) and federal contract information (FCI). CCCM First…
-
Why the Axios attack proves AI is mandatory for supply chain security
Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome a stark […]…
-
In Praise of CISA
Lately, the Cybersecurity and Infrastructure Security Agency (CISA) has been buried under troubling headlines. Steep workforce reductions. $700 million 2027 budget cut. Leadership uncertainty. Impacts from the months-long partial government shutdown. Canceled 2026 CyberCorps: Scholarship for Service program. But, to borrow and twist a phrase from Shakespeare’s Julius Caesar, “I come to praise CISA, not…The…
-
prompted 2026 Kinetic Risk: Securing And Governing Physical Al In The Wild
Author, Creator & Presenter: Padma Apparao, Architecting Al Solutions, Govt Agencies Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-kinetic-risk-securing-and-governing-physical-al-in-the-wild/
-
Man who hacked US Supreme Court filing system sentenced to probation
Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims’ personal data on Instagram under the handle @ihackedthegovernment. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/17/man-who-hacked-us-supreme-court-filing-system-sentenced-to-probation/
-
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/
-
When Geopolitics Writes Your Compliance Roadmap
Cyber policy has always lagged cyber reality. Regulations arrive after breaches, frameworks emerge after failures, and accountability structures materialize long after the damage lands on someone else’s balance sheet. NCC Group’s fifth edition of its Global Cyber Policy Radar suggests that cycle is finally breaking, not because governments have gotten smarter, but because the.. First…
-
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in April, the government’s spy powers will not automatically lapse. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/17/with-us-spy-laws-set-to-expire-lawmakers-are-split-over-protecting-americans-from-warrantless-surveillance/
-
White House moves to give federal agencies access to Anthropic’s Claude Mythos
Tags: access, ai, control, cyber, defense, framework, government, military, risk, supply-chain, update, vulnerabilityEnterprise implications: Those same assurance questions translate directly to enterprise procurement. The OMB move signals that federal cyber defense is pivoting toward frontier models that can find vulnerabilities faster than human teams can patch them, and the rift between the Pentagon and the White House carries a lesson for private-sector buyers, Shah said.”The rift between…
-
In defeat for Trump, House extends electronic spying program for just 10 days
Tags: governmentThe House passed stopgap legislation to extend a warrantless government surveillance power for 10 days, following a failed lobbying campaign by the Trump administration. First seen on therecord.media Jump to article: therecord.media/fisa–trump-congress-extension-surveillance
-
Social media bans might steer kids into riskier corners of the internet
Governments are moving to block children under 16 from social media in the name of safety. But once these measures move from policy to practice, they raise a harder question: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/children-social-media-ban-cybersecurity-risks/
-
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…
-
UK’s Sovereign AI supports supercomputing and drug discovery AI startups
The UK government’s £500m Sovereign AI fund announces first cohort of startups backed to boost economic growth and national security First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641874/UKs-Sovereign-AI-supports-supercomputing-and-drug-discovery-AI-startups
-
CYBERUK ’26: UK lagging on legal protections for cyber pros
Ahead of next week’s CYBERUK conference, the CyberUp Campaign for reform of the UK’s hacking laws urges the government to keep focus, and proposes a four-pillar framework that would protect cyber professionals from prosecution. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641875/CYBERUK-26-UK-lagging-on-legal-protections-for-cyber-pros
-
UK businesses must face up to AI threat, says government
Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government
-
UK businesses must face up to AI threat, says government
Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government
-
UK businesses must face up to AI threat, says government
Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government
-
Anthropic tests user trust with ID and selfie checks for Claude
Anthropic announced identity verification for Claude using government ID and selfie checks, becoming the first major AI chatbot to do so, a move that may prove unpopular with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/anthropic-claude-identity-verification-government-id/
-
UK Government Sound Alarm Over AI Security Risk
This week, UK government leaders and cyber officials are sounding an increasingly urgent alarm over the security risks posed by artificial intelligence, warning that the technology is both amplifying existing cyber threats and reshaping the balance between attackers and defenders. In a joint open letter to business leaders, ministers and the National Cyber Security Centre…
-
CISA cancels prestigious summer internships, citing government shutdown
Experts worry that recent chaos in the scholarship program could undermine vital workforce-development efforts. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-cybercorps-internships-canceled/817701/
-
New AgingFly malware used in attacks on Ukraine govt, hospitals
A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft
A surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral movement methods. The attack chain begins with well-crafted phishing emails that appear to discuss humanitarian aid proposals. These emails typically…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
New Jersey men given lengthy sentences for running North Korean laptop farms
The DOJ said Kejia Wang, 42, was sentenced to nine years in prison and Zhenxing Wang, 39, was given a nearly eight-year sentence for an operation that generated more than $5 million for the government of North Korea. First seen on therecord.media Jump to article: therecord.media/new-jersey-men-sentenced-north-korean-laptop-farms