Register Now: NIST Cyber AI Workshop #2
Date/Time: January 14, 2026 | 9:00 a.m. – 5:00 p.m. EST Location: The MITRE Corporation, 7525 Colshire Drive, McLean, VA, 22102 Join the NIST National Cybersecurity Center of Excellence (NCCoE) on January 14, 2026 for a hybrid workshop to discuss the preliminary draft NIST IR 8596, Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) …
Continue reading Register Now: NIST Cyber AI Workshop #2Tue, 23 Dec 2025 17:08:16 +0000
Threat Actors Want You to Hop on a Call
The NJCCIC detected a new telephone-oriented attack delivery (TOAD) campaign. Unlike most phishing attempts, TOAD attacks do not include malicious attachments or URLs in their initial messages. The aim of the message is to trick an unwary user into calling the provided number. Upon receiving a call, threat actors employ further social engineering tactics to …
Continue reading Threat Actors Want You to Hop on a CallTue, 23 Dec 2025 17:07:16 +0000
Action Not Required: The IT Help Desk Scam
Threat actors often impersonate IT support to deceive their targets into disclosing account credentials and installing malware. They usually lure with urgent emails related to account issues, such as expired passwords, full mailboxes, and security alerts. Threat actors send emails containing fraudulent links, malicious attachments, or fake phone numbers to initiate data theft or gain …
Continue reading Action Not Required: The IT Help Desk ScamTue, 23 Dec 2025 17:06:01 +0000
Vulnerability in Cisco AsyncOSCould Allow for Remote Code Execution
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Cisco AsyncOS, which could allow for remote code execution. AsyncOS is the operating system used by Cisco Secure Email Gateway and Cisco Secure …
Continue reading Vulnerability in Cisco AsyncOSCould Allow for Remote Code ExecutionTue, 23 Dec 2025 17:04:08 +0000
Proposed NICE Framework Component Updates For Public Comment
View as a Web Page NICE | advancing cybersecurity education and workforce December 18, 2025 PROPOSED NICE FRAMEWORK UPDATES FOR PUBLIC COMMENT The NICE Program Office of the National Institute of Standards and Technology (NIST) is pleased to publish three proposed Work Roles and updates to two Competency Areas of …
Continue reading Proposed NICE Framework Component Updates For Public CommentTue, 23 Dec 2025 17:03:43 +0000
NIST Publishes CSWP 39: Considerations for Achieving Crypto Agility
Cryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, firmware, and infrastructures while preserving security and ongoing operations. The transition to post-quantum cryptography (PQC) has highlighted significant challenges to adapting applications to new algorithms. This final version of Cybersecurity White Paper (CSWP) 39, Considerations for …
Continue reading NIST Publishes CSWP 39: Considerations for Achieving Crypto AgilityTue, 23 Dec 2025 17:01:39 +0000
Updated Malware Analysis Report BRICKSTORM Backdoor
This Malware Analysis Report was originally published on December 4 to share indicators of compromise (IOCs) and detection signatures for BRICKSTORM malware. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) updated this Malware Analysis Report with IOCs and detection signatures for three additional BRICKSTORM …
Continue reading Updated Malware Analysis Report BRICKSTORM BackdoorTue, 23 Dec 2025 17:01:01 +0000
Comments Needed | NIST IR 8587 – Protecting Tokens & Assertions
Hands Off my Tokens! NIST Seeks Comments on the Initial Public Draft of NIST Interagency Report 8587, Protecting Tokens and Assertions from Forgery, Theft, and Misuse through January 30, 2026. What is in the Report? Developed in coordination with CISA’s Joint Cyber Defense Collaborative and in response to Executive Order 14144, Sustaining Select Efforts to …
Continue reading Comments Needed | NIST IR 8587 – Protecting Tokens & AssertionsTue, 23 Dec 2025 16:59:52 +0000
Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure
This Joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, Joint Fact Sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental Protection Agency (EPA), …
Continue reading Opportunistic Pro-Russia Hacktivists Attack US and Global Critical InfrastructureWed, 10 Dec 2025 19:25:25 +0000
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install …
Continue reading Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOWTue, 09 Dec 2025 20:05:18 +0000