NIST

How to use NIST and ISO frameworks to govern AI agents

2026-06-12 at 11:07 By Help Net Security

Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke […]

CISA orders federal agencies to “patch smarter”

2026-06-11 at 20:18 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly

Every set of AI guardrails can be broken by the right prompt

2026-06-10 at 11:31 By Mirko Zorz

Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails

Spotless compliance evidence can still hide a broken control

2026-06-04 at 09:26 By Mirko Zorz

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss

NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

2026-04-16 at 19:48 By Zeljka Zorz

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

2026-04-16 at 15:03 By Ionut Arghire

To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched. The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek. This article is

Iranian cyber activity hits US energy, water, and government networks

2026-04-08 at 15:06 By Anamarija Pogorelec

U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors

NIST updates its DNS security guidance for the first time in over a decade

2026-03-23 at 09:18 By Mirko Zorz

DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure

NIST issues guidance on securing smart speakers

2025-12-22 at 07:02 By Sinisa Markovic

Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to this use,

The quantum clock is ticking and businesses are still stuck in prep mode

2025-12-04 at 07:39 By Anamarija Pogorelec

Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group (TCG) shows that most

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats

2025-10-01 at 14:18 By Eduard Kovacs

NIST Special Publication 1334 focuses on reducing cybersecurity risks associated with the use of removable media devices in OT environments. The post NIST Publishes Guide for Protecting ICS Against USB-Borne Threats appeared first on SecurityWeek. This article is an excerpt

GitHub adds post-quantum protection for SSH access

2025-09-16 at 12:05 By Sinisa Markovic

GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe.

What GitHub is changing

GitHub has introduced a new type of SSH key that combines

New NIST guide explains how to detect morphed images

2025-08-18 at 18:00 By Sinisa Markovic

Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo

NIST finalizes lightweight cryptography standard for small devices

2025-08-13 at 17:24 By Anamarija Pogorelec

The National Institute of Standards and Technology (NIST) has finalized a lightweight cryptography standard to protect even the smallest networked devices from cyberattacks. Published as Ascon-Based Lightweight Cryptography Standards for Constrained Devices (NIST Special Publication 800-232), the standard offers tools for

CURBy: A quantum random number generator you can verify

2025-06-17 at 08:01 By Sinisa Markovic

NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness Beacon (CURBy), the system offers a daily stream of certifiable random numbers generated through a process

19 ways to build zero trust: NIST offers practical implementation guide

2025-06-13 at 07:32 By Sinisa Markovic

The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled Implementing a Zero Trust Architecture (SP 1800‑35), includes 19 example setups using

NIST proposes new metric to gauge exploited vulnerabilities

2025-05-26 at 08:06 By Help Net Security

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

2025-05-20 at 15:39 By Eduard Kovacs

The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty

2025-04-15 at 23:46 By Ryan Naraine

MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations. The post MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty appeared first on SecurityWeek. This article is an excerpt

NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog

2025-04-07 at 14:02 By Ionut Arghire

NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on
