Tag: government
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree”, using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor”, whom we assess with high confidence was a Chinese…
-
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree”, using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor”, whom we assess with high confidence was a Chinese…
-
Legacy web forms are the weakest link in government data security
Outdated government web forms are placing millions of citizens at risk as sensitive information is collected and transmitted through insecure, non-compliant systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/government-legacy-web-forms-security-risks/
-
UK digital ID scheme cash will come from existing funds
Tags: governmentUK Parliamentary committee hearing reveals there will be no permanent government chief digital officer going forward, and digital ID scheme will be funded by existing budgets First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634626/Digital-ID-scheme-cash-will-come-from-existing-funds
-
NSO Group argues WhatsApp injunction threatens existence, future U.S. government work
The spyware vendor made those two arguments, among others, in a motion to stay the California court ruling. First seen on cyberscoop.com Jump to article: cyberscoop.com/nso-group-whatsapp-injunction-appeal/
-
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
-
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
-
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks. First seen on fortra.com Jump to article: www.fortra.com/blog/uks-new-cybersecurity-bill-takes-aim-ransomware-gangs-state-backed-hackers
-
Scam USPS and E-Z Pass Texts and Websites
Tags: banking, credit-card, cybercrime, google, government, group, password, phishing, scam, software, toolGoogle has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card…
-
Scam USPS and E-Z Pass Texts and Websites
Tags: banking, credit-card, cybercrime, google, government, group, password, phishing, scam, software, toolGoogle has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card…
-
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets
A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted multiple nations surrounding the South China Sea, including Indonesia, Singapore, the Philippines, Cambodia, and Laos,…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/19/how-the-classic-anime-ghost-in-the-shell-predicted-the-future-of-cybersecurity-30-years-ago/
-
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-gives-govt-agencies-7-days-to-patch-new-fortinet-flaw/
-
Behind the firewall: The hidden struggles of cyber professionals with a disability
Daisy Wong Daisy WongWhen Daisy Wong, head of security awareness at Medibank, first entered cybersecurity, she didn’t expect to become an advocate for inclusion, she just wanted to prove that being in a wheelchair was no barrier to what she could achieve. “I never wanted to be in cybersecurity. I did marketing at uni,” she…
-
Anthropic AI-powered cyberattack causes a stir
Tags: ai, attack, china, cyber, cyberattack, cybersecurity, espionage, finance, government, group, hacking, programming, technology, toolAI “‹”‹company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model.According to the research report, around 30 organizations worldwide were affected by the attacks. These included large technology companies, financial institutions,…
-
Airline data broker to stop selling individuals’ travel records to government agencies
News that the Airlines Reporting Corporation (ARC) will shut down its controversial Travel Intelligence Program (TIP) surfaced in a letter ARC CEO Lauri Reishus sent to a bipartisan group of lawmakers on Tuesday. First seen on therecord.media Jump to article: therecord.media/airline-data-broker-stop-selling-to-government
-
Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says
The next steps for the law, now extended for a short time, are up in the air. First seen on cyberscoop.com Jump to article: cyberscoop.com/cyber-threat-data-sharing-law-expiration-security-risk-mike-rounds-gary-peters-rand-paul/
-
US Cyber Defense Agency Admits to Major Staffing Crisis
Internal Memo Says Trump-Era Cuts ‘Hampered’ CISA During ‘Pivotal Moment’. The Cybersecurity and Infrastructure Security Agency is reeling from an apparent 40% vacancy rate in several key divisions following White House-driven cuts and a prolonged government shutdown, according to an internal memo revealing how recent layoffs were undermining federal readiness. First seen on govinfosecurity.com Jump…
-
Pro-Russian group claims hits on Danish party websites as voters head to polls
Voting was not disrupted Tuesday by a wave of DDoS incidents affecting political party and government websites in Denmark a day earlier, officials said. First seen on therecord.media Jump to article: therecord.media/denmark-election-political-government-websites-ddos-incidents
-
The Data Privacy Risk Lurking in Paperless Government
The world is becoming increasingly paperless, and most organizations, including federal agencies, are following suit. Switching from paper-based processes to digital ones offers great benefits. However, the security and compliance challenges that come with this shift aren’t to be taken lightly. As the federal government goes paperless to cut costs and modernize operational processes, a..…
-
Full renewal of state and local cyber grants program passes in House
The PILLAR Act, which would renew federal cybersecurity grants to state and local governments through 2033, passed by voice vote in the House. First seen on therecord.media Jump to article: therecord.media/state-local-cyber-grants-program-house-passage
-
Inspector General Flags Security Gap in NIH Genomics Project
NIH Working on Fixes to Address National Security Risks and Weak Access Controls. The sensitive health and genomics data of 1 million Americans used by a National Institutes of Health research project could be at risk for access or theft by bad actors, including foreign adversaries, a government watchdog group. Security weaknesses discovered in an…
-
Dozens of groups call for governments to protect encryption
The letter comes as countries in Europe have moved over the past year to regulate or mandate legalized access for criminal and national security investigations. First seen on cyberscoop.com Jump to article: cyberscoop.com/encryption-sixty-groups-call-on-governments-to-oppose-backdoor-mandates/
-
Kenyan gov’t websites back online after hackers deface pages with white supremacist messages
A handful of Kenyan government websites were defaced with white supremacist slogans. First seen on therecord.media Jump to article: therecord.media/kenyan-gov-websites-back-hack