Geek-Guy.com

Category: Government & Policy

Stay updated on the intersection of tech and governance. From CISA security alerts to federal AI mandates and global policy shifts, get the latest at Geek Guy.

AI, Europe, Global Security News, Government & Policy, Risk Management, Russia

Russian national charged in connection with Void Blizzard espionage campaign

Federal prosecutors have charged a Russian national with conspiracy to commit unauthorized computer access in connection with a sprawling cyber-espionage campaign linked to the Russia-aligned threat group Void Blizzard, according to a criminal complaint filed in federal court this week. Denis Nikolayevich Obrezko, a Russian citizen, is accused of breaking into systems owned by companies…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

CISA orders federal agencies to “patch smarter”

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management

Team Cymru Expands APJ Operations With New Sydney Hub

External threat intelligence provider Team Cymru has announced the expansion of its Asia-Pacific and Japan (APJ) operations, with Sydney serving as the company’s regional operational hub.  The announcement follows RISEx Sydney, where Team Cymru leadership met with customers, partners, and public-sector stakeholders from across the region.  Expansion responds to regional cyber visibility demand According to…

Read more →

AI, Endpoint, Global Security News, Government & Policy, Network Security, privacy, Risk Management

Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score

I’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is that phishing-as-a-service operators are buying aged…

Read more →

AI, Apps, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security

JDY Botnet Evolves After KV Takedown, Targets Military Networks

JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38%…

Read more →

AI, china, Data Breaches, Funding, Global Security News, Government & Policy, Network Security

OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers 

OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers. The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator…

Read more →

AI, Endpoint, Exploits, Global Security News, Government & Policy, malware, Russia

Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088

Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend…

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management

UK move to filter photos and messages triggers encryption worries for CISOs

UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management

UK move to filter photos and messages triggers encryption worries for CISOs

UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks

Anthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describes Fable 5 as the most capable model it has ever released to the public,…

Read more →

AI, Apps, Compliance, Europe, Global Security News, Government & Policy

Nextcloud adds Euro-Office to Hub workplace suite, expands AI assistant

MUNICH — Nextcloud has integrated Euro-Office into its workplace application suite, one of several updates to Nextcloud Hub unveiled on Tuesday that include a new compliance app for large organizations and a program to support developers building for its platform. The announcements came during the company’s Nextcloud Summit 2026 here. Euro-Office, announced in March, is…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Anthropic’s new model is Mythos on a leash

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly. On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and…

Read more →

AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management

CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector

The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and…

Read more →

AI, Data Breaches, Global Security News, Government & Policy

French government messaging platform breached through account hijacking

French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, and public agencies. Built on the open-source Matrix protocol, it was developed to keep government communications on infrastructure…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy

Filigran Debuts XTM One to Automate Threat Exposure Management

Cybersecurity company Filigran has unveiled XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform.  XTM One automates CTEM handoffs According to Filigran, XTM One was built to address the bottleneck of security teams having to manually move between their tools, particularly when ingesting threat intelligence…

Read more →

AI, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Trump’s new AI order — hallucinations aren’t just for LLMs

Years ago, right-wingers coined the phrase “Trump Derangement Syndrome” (TDS) to describe people who hate US President Donald J. Trump. (I think it better describes the president’s outlandish, truth-challenged statements and the followers who think he can do no wrong.) What’s really deranged is his recent AI executive order. First, a little history. As you…

Read more →

AI, china, Global Security News, Government & Policy, Risk Management

The security questions around Chinese AI coding models in U.S. software

Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

OpenAI’s Lockdown Mode is trying to solve the problem that it created

OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of enterprises using multiple AI vendors for their agentic…

Read more →

AI, Apps, Global Security News, Government & Policy, Risk Management

Meta Accuses NSO of Violating WhatsApp Court Injunction

Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint

Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint. The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places: the United States government, which formally caught up to the…

Read more →

AI, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Anthropic Calls for AI Pause as Industry Races Ahead

Anthropic picked an interesting week to warn the world about the dangers of advanced AI. Anthropic warns of self-improving AI risks Just days after filing confidentially for an IPO, the company published a rather lengthy proposal arguing that AI companies may eventually need a way to hit pause.  The company worries that AI could reach…

Read more →

AI, APAC, Europe, Funding, Global Security News, Government & Policy, Risk Management, Venture

EU’s cloud sovereignty push leaves room for US hyperscalers

The European Commission published its tech sovereignty package last week, including the clearest signal yet of its intention to strengthen European cloud sovereignty and reduce its dependence on US hyperscalers. It’s a response to growing concerns among European organizations and regulators about the reliance on US tech firms and legislation such as the US CLOUD…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management

The AI security race needs accountability, not overregulation

AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization. Historically, governments have…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Why most enterprise security teams would fail a military readiness test

Have you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are caught out and panicking, our military actually moves…

Read more →

AI, Cybersecurity, Data Security, Europe, Global Security News, Government & Policy, Network Security, Russia

Ukraine’s foreign minister offer recipe for improved resilience

Cybersecurity professionals were offered lessons of resilience in the most extreme circumstances from Ukraine’s former minister of foreign affairs. Dmytro Kuleba, who served as Ukraine’s Minister of Foreign Affairs between 2020 and 2024, told Infosecurity Europe delegates that the key to Ukraine’s survival after the full-scale Russian invasion of 2022 was pre-planning, a lesson learned…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Report: Anthropic Deploys Engineers…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people…

Read more →

AI, china, Global Security News, Government & Policy, Politics, Risk Management, Venture

Anthropic Says We Must Stop Authoritarian AI. But What About Its Authoritarian Investors?

Anthropic’s high-profile spat with the Pentagon gave it a killer marketing advantage, burnishing its public image as a principled AI company that puts values over profits — unlike more mercenary rivals such as OpenAI or Google. But Anthropic’s double standard on authoritarianism suggests the nearly trillion-dollar firm is as calculating and ethically flexible as any…

Read more →

Exploits, Global Security News, Government & Policy

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government…

Read more →

AI, Apps, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management

AI Threats, Zero-Days, and Data Breaches Define This Week of June 2026 in Cybersecurity

Major Threats & Vulnerabilities Zero-Day Exploits and Critical Vulnerabilities A newly discovered Comodo zero-day vulnerability can crash Windows systems through a malformed IPv6 packet. Researcher Marcus Hutchins identified the flaw, but Comodo has yet to issue a patch. Users are advised to filter suspicious IPv6 headers and test incident response plans. Google patched an Android…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net,…

Read more →

AI, Cybersecurity, Funding, Global Security News, Government & Policy

US government report slams NIST for NVD backlog

A report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities for inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the backlog, although very real, has been building for years, and that the government is doing little to…

Read more →

AI, china, Cybersecurity, Funding, Global Security News, Government & Policy

Hill Dems hammer GOP for $250M CISA budget cut

House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million. Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security

Your AI agent could become your biggest insider threat 

Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations. But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether…

Read more →

AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management

OpenAI responds to White House executive order on AI governance

OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be governed. The company’s proposal came a day after the White House…

Read more →

AI, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…

Read more →

AI, Global Security News, Government & Policy

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by…

Read more →

AI, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security

DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels

Department of Homeland Security Secretary Markwayne Mullin told Congress Wednesday that the Cybersecurity and Infrastructure Security Agency would ideally have 2,800 personnel, up from approximately 2,200 now and down from 3,400 before the second Trump administration began. President Donald Trump has pushed to dramatically reduce personnel numbers at the agency, something that has drawn criticism…

Read more →

AI, APAC, Cybersecurity, Europe, Global Security News, Government & Policy

Eu sets out plans to reduce reliance on US cloud providers

The European Union has now published a set of measures aimed at boosting Europe’s tech industry to help reduce reliance on US and Chinese suppliers for AI, cloud, and semiconductors. The proposals include rules to restrict the use of US hyperscalers for certain public sector procurement purposes, but stop short of banning them outright. “Technological…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Trump Signs Executive Order Creating Voluntary AI Security Review Framework

President Trump has introduced a new executive order aimed at strengthening oversight of advanced AI models without imposing new regulations on tech companies.  The order establishes a voluntary framework that allows developers of powerful AI models to share systems with the federal government for security reviews before public release. “The United States continues to lead…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies. Organizations joining the program must meet security requirements before gaining access, Anthropic noted. The expansion brings the…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management

Welcoming the Philippine Government to Have I Been Pwned

Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber Threat Intel and Monitoring Section the ability to…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

Two-year old Oracle WebLogic Server vulnerability is being exploited

US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…

Read more →

AI, china, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Trump revives parts of canceled AI order with cybersecurity-focused directive

US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “Promoting Advanced Artificial Intelligence Innovation and…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Risk Management

Trump administration releases scaled-back AI executive order

The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared to a draft version that was spiked weeks ago. The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around…

Read more →

AI, APAC, china, Global Security News, Government & Policy, Network Security, Politics, Russia

The Pentagon Is Running an AI Propaganda Mill Targeting Latin America

The United States is feeding Pentagon propaganda to internet users in Latin American countries using a new AI-laden content mill, an investigation by The Intercept has found. La Tilde quietly began development early this year and appears to still be a work in progress, pitching itself as a modern media brand for Latin American audiences…

Read more →

AI, APAC, Cloud Security, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Anthropic expanding access to Project Glasswing

Anthropic is broadening access to its Project Glasswing program, adding approximately 150 organizations in 15 countries, the company announced Tuesday, as its restricted Claude Mythos Preview model has already surfaced more than 10,000 high- or critical-severity software vulnerabilities since the program launched in early April. The expansion follows an initial cohort of roughly 50 partners…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy

Sensitive government personnel data posted online, Spanish police arrest suspect

The Spanish National Police arrested a man in Granada for allegedly leaking personal data belonging to members of several sensitive state institutions. According to police, the suspect published the information on multiple online platforms, exposing personnel associated with organizations including the National Cybersecurity Institute (INCIBE), the National Security Council, the National Police, the Civil Guard,…

Read more →

Global Security News, Government & Policy

RSA extends passwordless authentication to Linux environments

RSA has expanded its passwordless authentication capabilities to Linux environments, advancing its goal of delivering secure, password-free access for every user in every environment. Linux is ubiquitous in enterprise infrastructure, powering servers, developer workstations, and critical operational environments across industries from financial services to government. Despite its reach, Linux users have historically been underserved by…

Read more →

AI, Global Security News, Government & Policy

USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order 

The U.S. Postal Service is moving forward with mail-in ballot restrictions, following a court’s rejection of a request by voting rights groups to immediately block an executive order from President Donald Trump ordering the changes. A new regulation proposed last Friday seeks to apply “uniform standards for the mailing of absentee ballots to and from…

Read more →

AI, Global Security News, Government & Policy

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial services sectors. The activity entails distributing spear-phishing emails containing ZIP attachments

Read more →

AI, Data Breaches, Global Security News, Government & Policy, Network Security, privacy, Risk Management

1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations such as GDPR and CCPA in…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management

The Pentagon Finally Admits That Location Data Is a Battlefield Problem

The Pentagon confirmed adversaries are using commercial location data to track U.S. troops, exposing risks tied to smartphones and ad-tech networks. For years, security researchers, privacy advocates, and intelligence analysts have been warning about the same thing: smartphone location data isn’t just an advertising product. It’s surveillance infrastructure that anyone with enough money can access.…

Read more →

AI, Compliance, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management

6 critical security gaps every CISO must address

CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protected, and 58% said their organizations were unprepared to respond to a…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Politics, privacy, Risk Management, Russia

Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and…

Read more →

AI, Apps, Global Security News, Government & Policy, malware, Network Security, Russia

Russia-aligned crime group Greyvibe extensively uses AI in attacks

Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the goal of intelligence gathering for the ongoing war. Dubbed Greyvibe by researchers from WithSecure,…

Read more →

AI, Global Security News, Government & Policy, malware, Network Security, Russia

Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian,…

Read more →

AI, Compliance, Europe, Global Security News, Government & Policy, malware, Risk Management

AI in the UK: Driving Innovation Without Expanding Cyber Risk

Written by Sean Tilley, Senior Sales Director EMEA at 11:11 Systems  Artificial intelligence is no longer a future ambition for UK organisations. It is already shaping how decisions are made, how services are delivered, and how quickly businesses can respond to change. From automation and analytics to customer engagement and operational optimisation, AI is becoming an integral part of…

Read more →

AI, Cybersecurity, Europe, Funding, Global Security News, Government & Policy

Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users. The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and…

Read more →

AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management

AI Growth Exposes Gaps in Governance and Readiness 

Artificial intelligence (AI) adoption continues to grow across industries, but new research from Veeam suggests many organizations are still working through the governance, security, and operational challenges associated with deploying AI at scale. The study, which surveyed 300 technology and business leaders across financial services, healthcare, government, manufacturing, and technology sectors, found that 95% of…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Russia

DIL Observatory: when the World Escalates, the Underground Responds

Digital Intelligence Lab (DIL) launches an observatory for reading cyber events as what they actually are: signals of a broader social and geopolitical reality. The timing rarely lies, and the connection between real-world events and cyber activity is no longer a theoretical framework. It is a documented pattern, traceable across months and geographies. This new…

Read more →

AI, Apps, china, Funding, Global Security News, Government & Policy, Politics, Venture

The Race to Build AI Data Centers — Before the People Can Protest

Shark Tank’s Kevin O’Leary has been making the media rounds defending the 40,000-acre data center project he’s backing in northern Utah. Dismissing residents’ concerns over the environmental impacts and water demands of the proposed project in the drought-stricken Great Salt Lake region, O’Leary has claimed protesters are “bused in,” “misinformed,” and alleged that China has…

Read more →

AI, Data Breaches, Global Security News, Government & Policy, Risk Management

Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers

Carnival disclosed a data breach affecting nearly 6 million people after hackers used social engineering to access employee accounts. Carnival Corporation is notifying nearly 6 million people after a data breach exposed personal information. According to the notification shared with the Maine Attorney General’s Office, the total number of persons affected is 5,995,277. The company said…

Read more →

AI, Compliance, Europe, Global Security News, Government & Policy, Network Security, Risk Management

HPE Heads to Discover with Wider Networking, Cloud Portfolio

HPE is heading into its annual Discover conference with a broader portfolio than in recent years and a clear push to become a go-to enterprise provider for networking and private cloud operations. The focus will inevitably be on artificial intelligence and the new ways HPE can meet customer demand across the entire networking stack. Its…

Read more →

AI, Data Breaches, Global Security News, Government & Policy, Risk Management

Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket

A Google security engineer was arrested in New York and charged with crimes related to bets he allegedly placed on Polymarket using confidential information he pulled from Google systems, the Justice Department said Wednesday.  Michele Spagnuolo, a 36-year-old Italian citizen who lives in Switzerland, is accused of placing multiple trades on the prediction marketplace last…

Read more →

AI, china, Global Security News, Government & Policy, Russia

Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns

Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their targets to match the economic and security concerns of their governments. Attack sources (Source: ESET) “In Asia, the campaigns primarily…

Read more →

AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management

Another IT governance headache: AI-enabled sanction evasion

Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy

Smashing Security podcast #469: What your Oura ring won’t tell you

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and when one journalist asked the company how often it hands user…

Read more →

AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management

Another IT governance headache: AI-enabled sanction evasion

Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy

OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms

OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse.  The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought…

Read more →

AI, china, Cybersecurity, Europe, Global Security News, Government & Policy, Politics, Risk Management, Russia

UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace

Artificial intelligence is an “unstoppable force” that allows tech to be “weaponized just below the threshold of traditional warfare,” including in cyberspace, the head of a U.K. intelligence, security and cybersecurity agency said Wednesday. We live in a world “where the latest frontier AI is rapidly unearthing fault lines in technologies our society relies on…

Read more →

AI, APAC, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine

For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me reevaluate that framing. Speed still matters. It just no…

Read more →

AI, Europe, Global Security News, Government & Policy, privacy, Risk Management

Dutch Government just said no to an American firm buying the keys to their digital State

The Dutch government blocked Kyndryl’s €100M bid for Solvinity, citing national security concerns over critical digital infrastructure. Dutch Government told Kyndryl it can’t buy Solvinity. That sentence doesn’t sound dramatic, but what it means is this: a European government just blocked an American IT company from acquiring the firm that runs DigiD, the platform Dutch…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management

White House charts new course for federal agencies and cybersecurity logging

The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved. The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe…

Read more →