#federal-network-security
#federal-network-security

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

fromThe Hacker News

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

A Chinese national impersonated U.S. researchers to obtain sensitive information from NASA and other entities, violating export control laws.

fromThe Cipher Brief

America's Cyber Strategy Has a Budget Problem

The U.S. is underfunding cybersecurity efforts, particularly CISA, despite increasing cyberattack threats.

DevOps

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

more#cybersecurity

Business intelligence

How Physical Security Data Is Supporting Public Safety Challenges

Physical security data is primarily used for officer safety, situational awareness, and responding to public safety emergencies.

Washington DC

2 hours ago

The presidential line of succession was at the shooting that targeted the Trump administration. Amid security doubts, 'the system worked,' AG says | Fortune

The shooting at the White House correspondents' dinner posed a significant risk to President Trump and many top officials in the line of succession.

DevOps

fromTechRepublic

2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

#data-privacy

fromElectronic Frontier Foundation

Tech bills of the week: Creating data privacy standards; Securing critical infrastructure from drones; and more

Republican lawmakers introduced two data privacy bills focusing on consumer control and national standards for data management.

Privacy technologies

How ICE Got My Data | EFFector 38.8

Tech companies may compromise user data when pressured by the government, as seen in a case involving Google and ICE.

A new Republican privacy bill could be 'worse than no standard at all'

Congress is attempting to pass a national data privacy law that may weaken protections in some states while strengthening them in others.

fromElectronic Frontier Foundation

Tech bills of the week: Creating data privacy standards; Securing critical infrastructure from drones; and more

Republican lawmakers introduced two data privacy bills focusing on consumer control and national standards for data management.

Privacy technologies

How ICE Got My Data | EFFector 38.8

Tech companies may compromise user data when pressured by the government, as seen in a case involving Google and ICE.

A new Republican privacy bill could be 'worse than no standard at all'

Congress is attempting to pass a national data privacy law that may weaken protections in some states while strengthening them in others.

more#data-privacy

Germany politics

fromThe Local Germany

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.

#agentic-ai

fromZDNET

Government adoption of AI agents could outpace the private sector

Agentic AI adoption in government is a leadership mandate, with 82% already using it and 71% planning to increase usage by 2026-2027.

Information security

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

fromZDNET

Government adoption of AI agents could outpace the private sector

Agentic AI adoption in government is a leadership mandate, with 82% already using it and 71% planning to increase usage by 2026-2027.

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

US Going Deeper Into The Red Now That The IRS Is Sharing Tax Data With ICE - Above the Law

Immigrants significantly contribute to the US economy, helping to offset national debt and budget deficits despite lower hourly wages.

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromComputerworld

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

1 week ago

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

Information security

Is Renewing CISA Enough to Restore Confidence for Cyber Threat Reporters?

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromComputerworld

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

1 week ago

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

Information security

Is Renewing CISA Enough to Restore Confidence for Cyber Threat Reporters?

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

fromWRAL.com

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but poses privacy and security risks in public spaces.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

fromWRAL.com

Intellectual property law

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but poses privacy and security risks in public spaces.

NIST is giving fingerprint examiners better tools for a messy job

NIST aims to enhance forensic fingerprint examination accuracy and training through new resources, including a database and open-source software.

#ai-security

fromTechRepublic

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Intellectual property law

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromTechRepublic

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

France news

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

fromEngadget

France news

France's national agency for managing IDs and passports suffered a data breach last week

France news

Hackers Claim 19M Records Stolen From French Government Agency

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

France news

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

France news

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France news

Hackers Claim 19M Records Stolen From French Government Agency

A security incident at ANTS may have compromised citizen data, including personal information of 19 million records.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

How the DOJ Is Tackling Fraud in the ACA Marketplace - MedCity News

Fraud targeting vulnerable populations in the Affordable Care Act Marketplace is a significant issue, with deceptive practices disrupting healthcare access.

EU data protection

fromTechzine Global

New EU rules stall due to lack of data center data

Europe's data center sustainability regulations reveal significant gaps in data quality and reporting, hindering accurate assessments of energy consumption and environmental impact.

Business intelligence

fromEntrepreneur

The Hidden Data Liability Every Leader Needs to Address Now

Data is no longer endlessly renewable; companies face a 'data liability gap' affecting AI systems and data recovery responsibilities.

US politics

fromWIRED

The Latest Push to Extend Key US Spy Powers Is Still a Mess

The bill lacks meaningful constitutional safeguards and allows broad discretion to the attorney general regarding access to the 702 program.

'Faster and more disruptive' tech underscores need to revamp the Fed's operations, its governor says

"Artificial Intelligence is a coming storm that threatens to alter - and I believe, improve - all organizations. The pace of technological change today means that the Fed does not have the time to sit back and ruminate about changes for months and years on end."

Artificial intelligence

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Third US Security Expert Admits Helping Ransomware Gang

more#ransomware

#ai

fromThe Hill

Can AI agents protect our privacy?

AI is transforming the web, increasing privacy risks while offering opportunities to improve data protection.

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

fromThe Hill

Can AI agents protect our privacy?

AI is transforming the web, increasing privacy risks while offering opportunities to improve data protection.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

more#ai

fromTNW | China

The US just told China to stop copying its AI. Enforcing that is the hard part.

The White House accused China of industrial-scale theft of American AI models and committed to sharing intelligence with US companies.

US politics

fromEngadget

Homeland Security reportedly wants to develop smart glasses for ICE

DHS is developing smart glasses for ICE agents to identify immigrants and citizens using biometric data by September 2027.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Palantir is reportedly helping the IRS investigate financial crimes | TechCrunch

The IRS has paid the firm $130 million since 2018 to use its data analysis software to pore over financial records for investigative purposes, according to public records detailing Palantir's IRS contract.

Privacy professionals

IRS lacks transparent plans to leverage tech in the face of staffing cuts, GAO and employees say

The IRS aims to modernize technology while reducing staff, but lacks transparency and clarity in its long-term plans.

DevOps

fromInfoQ

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Centralized governance and remote infrastructure are essential for secure Model Context Protocol deployments, addressing risks like prompt injection and supply chain attacks.

fromTheregister

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

6 days ago

The government is buying AI faster than it is assigning authority

Federal governance of AI requires clear authority to pause or override systems when risks materialize.

#privacy

fromAdExchanger

Does The New Federal Data Privacy Bill Have A Snowball's Chance Of Passing? | AdExchanger

House Republicans introduced the SECURE Data Act to create a national privacy standard that preempts state laws, targeting large data-handling companies.

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

fromAdExchanger

Does The New Federal Data Privacy Bill Have A Snowball's Chance Of Passing? | AdExchanger

House Republicans introduced the SECURE Data Act to create a national privacy standard that preempts state laws, targeting large data-handling companies.

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

6 days ago

NSA spies are reportedly using Anthropic's Mythos, despite Pentagon feud | TechCrunch

The NSA is reportedly using Anthropic's Mythos model for cybersecurity despite previous tensions over access to AI capabilities.

How the government is ramping up mass surveillance with AI-driven tech

Surveillance capitalism collects extensive personal data through various devices and technologies, often without user consent or effective opt-out options.

fromTechzine Global

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

fromTheregister

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.

Information security

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

fromInfoWorld

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.

fromComputerWeekly.com

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

fromAxios

Exclusive: OpenAI briefs feds and Five Eyes on new cyber product

OpenAI demonstrated its GPT-5.4-Cyber model to federal cyber defense practitioners, emphasizing a dual-track access approach for government and commercial users.

US politics

fromTheregister

CISA insider-threat warning comes with an ironic twist

Insider threats are among the most serious security risks and require multidisciplinary teams and decisive action to detect, mitigate, and prevent damage.

1 week ago

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

fromThe Hacker News

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

fromComputerworld

3 weeks ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

1 month ago

FBI Investigating 'Suspicious' Cyber Activity on System Holding Sensitive Surveillance Information

The FBI is investigating suspicious activities on an internal system containing sensitive surveillance data, with an unidentified actor using sophisticated techniques to exploit network security controls.

3 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Building government resilience in an era of AI-driven cyberattacks

Governments must rapidly transform defenses to counter escalating, stealthy AI-driven cyberattacks and prepare for destructive operations targeting critical infrastructure.

fromThe Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA added four actively exploited high-severity vulnerabilities to its KEV catalog, including Chrome use-after-free, TeamT5 arbitrary upload, Zimbra SSRF, and Windows ActiveX RCE.