Collecting Cyber-News from over 60 sources

Tag: nist

AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report

May 27, 2025 1:54 PM

Tags: ai, api, attack, authentication, awareness, breach, cloud, compliance, computing, control, crypto, cryptography, data, encryption, guide, malicious, malware, mfa, nist, passkey, phishing, privacy, programming, ransomware, regulation, risk, software, strategy, threat, tool, vulnerability

AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report madhav Tue, 05/27/2025 – 04:40 The Thales 2025 Data Threat Report reveals a critical inflection point in global cybersecurity. As the threat landscape grows more complex and hostile, the rapid adoption of generative AI is amplifying both opportunity and…
US Government Launches Audit of NIST’s National Vulnerability Database

May 27, 2025 1:54 PM

Tags: government, nist, nvd, office, vulnerability

The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-government-launches-audit-nist/
NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits

May 26, 2025 11:54 AM

Tags: exploit, metric, nist, technology, vulnerability

The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV) First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-metric-lev-likelihood/
NIST proposes new metric to gauge exploited vulnerabilities

May 26, 2025 7:54 AM

Tags: cybersecurity, exploit, metric, nist, software, vulnerability

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/26/nist-likely-exploited-vulnerabilities/
Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

May 23, 2025 11:55 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, cctv, cisa, cloud, computer, control, credentials, crypto, cyber, cybercrime, cybersecurity, data, detection, email, espionage, exploit, finance, framework, germany, group, Hardware, infrastructure, injection, intelligence, iot, kev, law, linux, malware, metric, mfa, military, mitigation, network, nist, open-source, organized, passkey, password, phishing, risk, russia, skills, software, sql, tactics, technology, tool, training, ukraine, unauthorized, update, vpn, vulnerability, wifi, zero-trust

Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization. Dive into five things that…
NIST releases new AI attack taxonomy with expanded GenAI section

May 22, 2025 10:54 PM

Tags: ai, attack, nist

First seen on scworld.com Jump to article: www.scworld.com/news/nist-releases-new-ai-attack-taxonomy-with-expanded-genai-section
New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities

May 22, 2025 3:55 PM

Tags: cyber, cybersecurity, exploit, infrastructure, metric, nist, technology, vulnerability

Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed to improve vulnerability management. The proposed Likely Exploited Vulnerabilities (LEV) metric aims to enhance organizations’ ability to identify which vulnerabilities are most likely to be exploited, enabling more efficient remediation…
NIST’s ‘LEV’ Equation to Determine Likelihood a Bug Was Exploited

May 21, 2025 6:54 PM

Tags: exploit, nist, technology, update, vulnerability

The new equation, introduced by the National Institute of Standards and Technology (NIST), aims to offer a mathematical likelihood index that could be a game-changer for SecOps teams and vulnerability patch prioritization. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-lev-equation-determine-likelihood-bug-exploited
Proposed U.S. budget cuts raise fears about tech innovation

May 17, 2025 12:54 AM

Tags: nist

President Donald Trump’s proposed FY 2026 budget slashes funding for federal agencies, including NSF and NIST, which support tech research and innovation in the U.S. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366623883/Proposed-US-budget-cuts-raise-fears-about-tech-innovation
The rise of vCISO as a viable cybersecurity career path

May 12, 2025 9:10 AM

Tags: advisory, business, ceo, cio, ciso, compliance, computer, control, country, cyber, cybersecurity, government, grc, group, guide, healthcare, incident response, infrastructure, ISO-27001, jobs, mobile, network, nist, risk, risk-assessment, risk-management, service, skills, strategy, technology, tool, training

Damon Petraglia, vCISO and CISO on demand Blue Mantis Damon Petraglia A long-time cybersecurity pro with chops built up in the federal government world and through forensic investigation work, Damon Petraglia works as a vCISO and CISO on demand for the IT services firm Blue Mantis.”Where I am today as a vCISO is a culmination…
Phishing-Resistant MFA: Why FIDO is Essential

May 8, 2025 11:11 AM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorized

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…
Quantum supremacy: Cybersecurity’s ultimate arms race has China way in front

May 7, 2025 10:50 AM

Tags: ai, authentication, automation, backup, banking, breach, business, china, ciso, computing, control, crypto, cryptography, cybersecurity, data, encryption, finance, government, healthcare, identity, infrastructure, jobs, military, ml, nist, risk, service, skills, technology, threat, update, vulnerability, zero-day

The DeepSeek/Qwen factor: What we learned from recent AI advances, such as DeepSeek and Qwen, that caught the world by surprise is that China’s technology is much more advanced than anyone anticipated. I’d argue that this is a leading indicator that China’s quantum computing capabilities are also in absolute stealth-mode development and ahead of the…
NIST loses key cyber experts in standards and research

May 6, 2025 6:50 PM

Tags: computer, cyber, nist

The head of NIST’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-cyber-retirements-quantum-ai-research-standards/747270/
12 most innovative launches at RSA 2025

May 5, 2025 8:49 AM

Tags: ai, attack, awareness, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, deep-fake, detection, email, endpoint, finance, framework, governance, healthcare, identity, insurance, intelligence, login, malicious, network, nist, open-source, openai, phishing, privacy, RedTeam, resilience, risk, risk-analysis, risk-management, saas, service, siem, social-engineering, tactics, threat, tool, training, update, zero-day, zero-trust

AuditBoard: AI governance solution: AuditBoard announced its AI governance solution, designed to help organizations accelerate AI risk management and promote responsible AI adoption. The solution is designed to streamline AI use case intake, review, and approval processes, establish a centralized repository for approved AI models, and dynamically link AI risks to vendors, assets, and controls…
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
2025 The International Year of Quantum Science and Technology

Apr 29, 2025 2:52 PM

Tags: access, attack, cloud, compliance, computer, conference, crypto, cryptography, cybersecurity, data, encryption, finance, government, group, Hardware, infrastructure, international, lessons-learned, network, nist, regulation, risk, risk-assessment, software, strategy, technology, tool

2025 The International Year of Quantum Science and Technology divya Tue, 04/29/2025 – 07:48 It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the…
10 key questions security leaders must ask at RSA 2025

Apr 24, 2025 11:50 AM

Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trust

Is agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Apr 18, 2025 6:28 PM

Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerability

Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
NIST’s adversarial ML guidance: 6 action items for your security team

Apr 18, 2025 5:28 AM

Tags: ai, attack, framework, intelligence, ml, nist, technology, threat
NIST Updates Privacy Framework With AI and Governance Revisions

Apr 17, 2025 3:28 PM

Tags: ai, cybersecurity, framework, governance, guide, nist, privacy, technology, update

The US National Institute of Standards and Technology has updated its Privacy Framework to work cohesively with its Cybersecurity Framework and guide organizations to develop stronger postures to handle privacy risks. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/nist-updates-privacy-framework-ai-governance
CVE program averts swift end after CISA executes 11-month contract extension

Apr 16, 2025 6:28 PM

Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management

Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
MITRE CVE Program Funding Set To Expire

Apr 16, 2025 5:28 AM

Tags: cve, cvss, cybersecurity, data, github, identity, intelligence, mitre, monitoring, nist, technology, update, vulnerability, vulnerability-management

MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo

Apr 16, 2025 5:28 AM

Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-management

MITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.Although…
Meeting NIST API Security Guidelines with Wallarm

Apr 11, 2025 12:05 AM

Tags: api, cloud, framework, nist

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, “Guidelines for API Protection for Cloud-Native Systems.” The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps streamline the process…
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue

Apr 9, 2025 5:55 PM

Tags: cve, nist, software, vulnerability

NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/nist-deprioritizes-pre-2018-cves-as-backlog-struggles-continue/
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog

Apr 8, 2025 5:42 PM

Tags: cve, nist, nvd, threat, vulnerability

NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-defers-pre-2018-cves/
NIST calls time on older vulnerabilities amid surging disclosures

Apr 8, 2025 2:42 PM

Tags: cyber, nist, technology, update, vulnerability

The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622153/NIST-calls-time-on-older-vulnerabilities-amid-surging-disclosures
NIST Declares Pre-2018 CVEs Will Be Labeled as ‘Deferred’

Apr 8, 2025 1:42 PM

Tags: cve, cyber, nist, nvd, technology, vulnerability

The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) with a publication date before January 1, 2018, will now be marked with a >>Deferred
NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities

Apr 7, 2025 11:42 PM

Tags: cve, nist, vulnerability

The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD). First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
NIST marks all CVEs prior to Jan. 1, 2018, as ‘deferred’

Apr 7, 2025 10:42 PM

Tags: cve, nist

First seen on scworld.com Jump to article: www.scworld.com/news/nist-marks-all-cves-prior-to-jan-1-2018-as-deferred