Nick Andersen, CISA’s new executive assistant director for cybersecurity, has outlined a renewed vision to modernize and strengthen the Common Vulnerabilities and Exposures (CVE) program following a critical funding scare in 2025 that nearly disrupted its operations. The CVE program, operated by MITRE under government sponsorship, is essential for identifying and cataloging cybersecurity vulnerabilities globally. After its contract with MITRE almost lapsed in April 2025, jeopardizing continuity, CISA extended funding temporarily. Andersen emphasized transitioning the CVE program from a growt…
Read More

The Chief Secretary of Jammu and Kashmir, Atal Dulloo, reviewed the implementation of the Cyber Security Action Plan, noting significant progress in securing government IT systems. Key initiatives include the security audit of departmental websites and the installation of advanced cyber defense solutions. Dulloo emphasized the need for a proactive approach to cyber security and the early rollout of the e-SAM portal, which will facilitate comprehensive monitoring and inventory of IT assets. This initiative is crucial for enhancing the region’s cyber resilience and ensuring effective governance…
Read More

South Korea and NATO held high-level talks on September 11, 2025, in Seoul to enhance cybersecurity cooperation, underscoring the urgent global need to confront escalating cyber threats. Led by South Korea’s Ambassador for International Cyber Affairs Lee Tae Woo and NATO Assistant Secretary General Jean-Charles Ellermann-Kingombe, the discussions focused on boosting collaboration in countering cyber attacks and assessing cybersecurity risks across both the Indo-Pacific and Euro-Atlantic regions. This initiative, launched as a high-level cyber dialogue in 2023, aims to deepen cooperation in c…
Read More

Apple’s latest iPhone 17 and iPhone Air have introduced a new security feature called Memory Integrity Enforcement (MIE), designed to combat memory corruption vulnerabilities often exploited by spyware developers. MIE significantly enhances device security by raising the cost and complexity for spyware creators, potentially making iPhones some of the most secure devices available. Experts believe this feature will reduce the efficacy of both remote hacks and physical device attacks, although no system can be entirely foolproof. While MIE marks a significant advancement in cybersecurity, its ov…
Read More

Union Minister of State for Home Affairs, Bandi Sanjay Kumar, urged collective action and the development of indigenous cybersecurity solutions to combat the surge in cyber threats during the Cyber Cop 2025 Awards held on September 11, 2025, in Hyderabad. Speaking at the Central Detective Training Institute, Ramanthapur, he emphasized that cybersecurity is an integral component of national security amid India’s ongoing digital revolution. The Minister highlighted the significance of hackathons, which bring together startups, professionals, and students to innovate against challenges like cry…
Read More

The Telangana Cyber Security Bureau, with the Department of Telecommunications, dismantled an illegal SIM box operation in Hyderabad, arresting three individuals. The investigation revealed that Hidayathullah, facing financial troubles, was lured into setting up the SIM box by a contact named Venissa from Hong Kong, who promised financial gains from internet traffic. The operation involved fraudulent SIM cards supplied by POS agents, facilitating international calls as local ones, thereby enabling cyber fraud. Authorities have cautioned the public against interacting with strangers using forei…
Read More

Microsoft is set to enhance security for its Teams platform with a new feature that automatically warns users about potentially malicious links in chat messages, expected to roll out in public preview in September 2025. The system utilizes threat intelligence and machine learning to flag harmful URLs, providing warnings that inform both the recipient and sender. This proactive measure complements existing security tools, offering an additional layer of defense against phishing and malware threats, crucial for the over 320 million monthly active users. By enabling such robust features, Microsof…
Read More

A recent DDoS attack detected by FastNetMon reached an unprecedented 1.5 billion packets per second, targeting a European DDoS scrubbing service. This highlights a growing trend of large-scale attacks utilizing hijacked IoT devices, as seen in previous attacks, including one reported by Cloudflare at 11.5 Tbps. The rapid detection capabilities of FastNetMon’s Advanced platform mitigated potential service outages. Experts stress the need for ISPs to adopt proactive measures against outgoing attacks, emphasizing that the increase in unsecured devices poses a significant threat. A collaborative a…
Read More

A recent study highlights a growing cybersecurity threat where attackers are embedding malicious prompts in macros, particularly targeting generative AI systems. This method, part of a broader trend of adversarial tactics, necessitates that organizations apply robust protections typically reserved for software development to AI environments. Experts emphasize the importance of recognizing these novel injection techniques, which exploit document macros to compromise AI file analysis systems. As AI continues to evolve, the adaptation of cybersecurity strategies to include these emerging threats…
Read More

The Indian Computer Emergency Response Team (CERT-In) has issued urgent advisories regarding high-severity vulnerabilities in widely used applications, specifically Zoom and Microsoft Edge (Chromium-based). The advisories highlight critical flaws that could facilitate denial-of-service attacks, unauthorized access, and exploitation of sensitive data. Users are urged to apply immediate updates to mitigate these risks, particularly as Zoom products and Microsoft Edge versions before certain updates are affected. This situation underscores the importance of cybersecurity vigilance in protecting d…
Read More

The UK’s impending Cyber Security and Resilience Bill is prompting Managed Service Providers (MSPs) to reassess their reliance on Microsoft 365 for cybersecurity, as native tools alone may not offer adequate protection against evolving threats. CyberSentriq emphasizes the necessity for a layered security strategy to comply with stricter regulations and to effectively manage risks such as Business Email Compromise and advanced phishing attacks. The call for MSPs to adopt proactive cyber resilience underscores the growing importance of integrating third-party security solutions alongside exist…
Read More

Bitdefender researchers have revealed the EggStreme malware, linked to a Chinese advanced persistent threat group, targeting a Philippine military company. This sophisticated cyber espionage tool operates stealthily as a multi-stage, fileless framework, using legitimate system binaries to evade detection while enabling extensive data theft and system manipulation. The attack underscores the growing Chinese focus on military espionage in the Asia-Pacific, posing a significant threat to regional stability. In light of these developments, it is imperative for nations like India to enhance their c…
Read More

India’s micro, small and medium enterprises (MSMEs) are now mandated to undergo annual cybersecurity audits under new guidelines issued by the Indian Computer Emergency Response Team (CERT-In) on September 1, 2025. This move follows a broader July 25 policy requiring all public and private organizations to ensure comprehensive cybersecurity audits to safeguard India’s digital ecosystem. The MSME-specific framework establishes a minimum cybersecurity baseline with 15 elemental controls mapped to 45 security recommendations, focusing on asset inventories, network security, timely patching, stron…
Read More

U.S. Senator Ron Wyden has urged the Federal Trade Commission to investigate Microsoft for alleged cybersecurity negligence, linking the company’s practices to significant ransomware attacks on critical infrastructure, including healthcare organizations. Wyden criticized Microsoft’s default configurations and outdated encryption technologies, asserting these practices threaten U.S. national security. A Microsoft spokesperson countered that while RC4 encryption is being phased out, its complete removal could disrupt customer systems. This incident highlights the ongoing concern over cybersecuri…
Read More

China’s use of generative AI in its propaganda efforts raises significant global concerns, as it enables the creation of misleading content tailored to local contexts, impacting regions like Hong Kong and Taiwan. Recent findings reveal a systematic approach to create fake news websites and social media personas, amplifying Beijing’s narratives in multiple languages while simulating organic engagement. This strategy aims to influence public opinion and political discourse, particularly in the United States. Such operations highlight the urgent need for vigilance and countermeasures from democra…
Read More

The U.S. Department of Defense has finalized the Cybersecurity Maturity Model Certification (CMMC) rules, mandating contractors to demonstrate compliance with strict cybersecurity standards to qualify for contracts, effective November 9. This initiative aims to bolster the cybersecurity posture of the defense industrial base, requiring contractors to maintain continuous compliance and undergo assessments. The phased rollout over three years is designed to minimize disruption, particularly for smaller entities. This rigorous framework will enhance the protection of sensitive unclassified inform…
Read More

Microsoft has addressed 80 security vulnerabilities in its software, with eight rated as critical. Notably, CVE-2025-55234, a privilege escalation flaw in Windows SMB, has been marked as publicly known, while Azure Networking vulnerability CVE-2025-54914 received a rare CVSS score of 10.0. The majority of flaws pertain to privilege escalation and remote code execution, raising concerns about potential man-in-the-middle attacks. Experts emphasize that merely applying patches is insufficient; administrators need to enhance auditing and hardening measures to secure their environments effectively…
Read More

Experts are raising alarms about significant security flaws in X’s new encrypted messaging feature, XChat, which claims end-to-end encryption but falls short with unencrypted metadata and lack of protection for media attachments. The implementation lacks key security protocols like Perfect Forward Secrecy, making it vulnerable to potential attacks. Critics warn that this could mislead users into believing their communications are secure when they may not be, contrasting it with proven alternatives like Signal, which offers robust encryption standards. The call for transparency in cryptographic…
Read More

Chinese lawmakers are considering a draft amendment to the Cybersecurity Law that introduces stricter certification requirements and penalties for cybersecurity incidents affecting critical sectors. This move, reflecting heightened global cybersecurity concerns, aims to restrict untrusted products in critical information infrastructure, imposing fines up to $1.4 million for severe incidents. Critics argue this amendment reinforces China’s authoritarian control over the digital space and seeks to challenge Western norms. The legislation exemplifies China’s broader strategy to assert sovereignty…
Read More

The Australian Cyber Security Centre (ACSC) has issued a warning regarding the active exploitation of a critical vulnerability (CVE-2024-40766) in SonicWall SSL VPN appliances, which could allow unauthorized access and potential firewall crashes. This high-severity flaw affects multiple SonicWall device generations, particularly those that did not reset local user passwords during recent migrations. SonicWall has urged immediate firmware updates and the implementation of multi-factor authentication to mitigate risks. Organizations are advised to audit their systems closely, enhance access cont…
Read More

The global spyware market continues to expand, with a significant increase in US-based investments, now the largest contributor to this sector, raising concerns about human rights abuses and national security risks. The latest report highlights the critical role of resellers and brokers, often overlooked, in facilitating the market’s growth and obscuring supply chains. This situation underscores the urgent need for enhanced transparency and accountability mechanisms in addressing the proliferation of spyware capabilities. Policymakers must adapt their strategies to effectively counter the evol…
Read More

Microsoft has addressed two significant vulnerabilities in its BitLocker encryption feature, tracked as CVE-2025-54911 and CVE-2025-54912, which could allow authorized attackers to gain SYSTEM privileges on compromised machines. These Use-After-Free vulnerabilities pose a risk of privilege escalation, enabling malicious actors to execute arbitrary code and potentially take over systems. Although exploitation is considered less likely due to the requirement of low-level privileges and user interaction, Microsoft has urged users to promptly apply updates from the September 2025 Patch Tuesday to…
Read More

Italian defense giant Leonardo is actively enhancing Europe’s cyber-defense capabilities by acquiring Nordic firms, including a significant stake in Finnish cybersecurity firm SSH and Swedish specialist Axiomatics. CEO Roberto Cingolani emphasized these acquisitions are part of a strategic vision to foster sovereign digital ecosystems in Europe, focusing on Zero Trust principles in cybersecurity. As threats evolve with increasing digitization and AI integration, Cingolani asserts that cyber resilience is critical for defense systems across all domains. This proactive approach positions Leonard…
Read More

The Indian Army has successfully implemented SAMBHAV, an indigenous secure communication platform, during Operation Sindoor against Pakistan, marking a pivotal shift towards self-reliance in technology under the Atmanirbhar Bharat initiative. By avoiding commercial applications like WhatsApp, the Army significantly enhanced its operational security, enabling real-time coordination in combat operations. SAMBHAV, with features like multi-tier authentication and integration with 5G networks, aims to fortify India’s command and control capabilities while safeguarding sensitive data from adversar…
Read More

The Indian Army successfully utilized its indigenously developed secure mobile ecosystem, SAMBHAV, during Operation Sindoor, as confirmed by Chief of the Army Staff Gen Upendra Dwivedi. This operation marks a significant shift towards using home-grown technology for secure communications, enhancing operational effectiveness while reducing reliance on global messaging platforms. SAMBHAV, designed in line with Atmanirbhar Bharat, offers instant connectivity and multi-layered encryption, supporting modern warfare needs. The initiative reflects India’s commitment to boosting indigenous capabilitie…
Read More