Tag: technology
-
NIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020
According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) submissions between 2020 and 2025, NIST is shifting from a comprehensive analysis approach to a targeted,…
-
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nist-to-stop-rating-non-priority-flaws-due-to-volume-increase/
-
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/
-
ISMG Editors: Adapting to the Looming Mythos AI Onslaught
Also: NY State Regs Test Resilience vs Compliance, OT Security Nears Breaking Point. In this week’s panel, four ISMG editors explore the industry’s response to Anthropic’s Mythos AI breakthrough, whether tighter New York state cybersecurity rules are driving real resilience or simply compliance, and why operational technology security is fast becoming a critical frontline concern.…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities
-
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerability
Two weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
-
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. “CVEs that do not meet those criteria will still be listed…
-
Statements on the Cybersecurity Dangers of Agentic AI
AI agents already handle numerous processes within companies. With agentic AI, these processes are combined into complex workflows. Is this autonomous automation actually effective, or does it create numerous new problems for companies? Netzpalaver put this question to its community members, asking for their opinion in a short video statement on agentic AI. Statement from Michael Veit, Technology Analyst at Sophos […]…
-
UK businesses must face up to AI threat, says government
Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government
-
NTT Research Launches Scale Academy to Bring Lab Technology to Market
NTT Research launches Scale Academy to turn AI and security research into real products, debuting SaltGrain, a zero-trust data security platform. The post NTT Research Launches Scale Academy to Bring Lab Technology to Market appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ntt-research-scale-academy/
-
UK Government Sound Alarm Over AI Security Risk
This week, UK government leaders and cyber officials are sounding an increasingly urgent alarm over the security risks posed by artificial intelligence, warning that the technology is both amplifying existing cyber threats and reshaping the balance between attackers and defenders. In a joint open letter to business leaders, ministers and the National Cyber Security Centre…
-
ZionSiphon malware designed to sabotage water treatment systems
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-to-sabotage-water-treatment-systems/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-day
SOURCE: www.cve.org/about/Metrics CSO
As a result, NIST will now forego enrichment for all but the most critical of vulnerabilities. Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first. “They’ve just come out and publicly stated, ‘We are never going…
-
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/
-
Behind the Mythos hype, Glasswing has just one confirmed CVE
Why is Glasswing still a big deal: VulnCheck’s findings reframe Glasswing’s capabilities. The limited number of directly attributable CVEs is just one way of measuring its impact. Industry observers are interpreting Mythos much differently. Melissa Bischoping, a SANS Technology Institute board member and senior Director of security and product research at Tanium, thinks Mythos’ potential lies…
-
The endless CISO reporting line debate, and what it says about cybersecurity leadership
Tags: access, business, ceo, cio, ciso, cloud, control, corporate, cyber, cybersecurity, firewall, governance, infrastructure, jobs, monitoring, network, resilience, risk, strategy, technology, vulnerability
The governance gap behind the debate: The persistence of this debate reflects a broader governance gap. Historically, information security emerged as a technical discipline embedded within IT departments. Early security teams focused primarily on protecting infrastructure: firewalls, access controls, network monitoring and vulnerability management. In that environment, it was natural for the security function to sit…
-
The need for a board-level definition of cyber resilience
Tags: awareness, business, cisa, compliance, control, crime, cyber, cybercrime, cybersecurity, detection, finance, framework, governance, law, metric, regulation, resilience, risk, risk-analysis, risk-management, service, supply-chain, technology
Where the literature converges: Organizational outcomes vs. policy and controls
It’s consistently agreed that cyber resilience should be tied to organizational outcomes rather than technical controls and policies. Rather than focusing on metrics such as mean time to detection or number of security controls, organizational cyber resilience needs to evaluate levels of business continuity, preservation…

