Policy & Regulation
-
FBI warns about 2 campaigns targeting Salesforce instances
The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.
By David Jones • Sept. 15, 2025 -
CISA pledges robust support for funding, further development of CVE program
A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.
By David Jones • Sept. 12, 2025 -
Explore the Trendline➔
Nattakorn Maneerat via Getty Images -
National cyber director says US must shift risk burden toward adversaries
In his first major address after confirmation, Sean Cairncross said the U.S. needs to take bold, coordinated steps to counter authoritarian rivals.
By David Jones • Sept. 10, 2025 -
Deep Dive
How AI and politics hampered the secure open-source software movement
Tech giants pledged millions to secure open-source code. Then AI came along.
By Eric Geller • Sept. 9, 2025 -
Deep Dive
FCC investigation could derail its own IoT security certification program
Internet of Things device makers are eager to participate, but the commission’s concerns about its lead administrator have halted progress of the U.S. Cyber Trust Mark program.
By Eric Geller • Sept. 2, 2025 -
Federal, state officials investigating ransomware attack targeting Nevada
The Sunday attack disrupted key services across the state and led to the theft of some data.
By David Jones • Updated Aug. 29, 2025 -
US charges Oregon man in vast botnet-for-hire operation
Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.
By David Jones • Aug. 21, 2025 -
NIST seeks input on control overlays for securing AI systems
The federal agency plans to develop guidance to organizations about various AI use cases.
By David Jones • Aug. 18, 2025 -
Trump administration cyber cuts eroding private sector’s trust, confidence
A report by Swimlane shows companies are reducing cybersecurity spending and security teams are experiencing increasing pressure.
By David Jones • Updated Aug. 14, 2025 -
White House urged to revamp cyber regulations
A leading trade group said the Trump administration should rein in a major pending cybersecurity rule as well as embrace AI-based cyber defenses.
By Eric Geller • Aug. 14, 2025 -
DOJ, international partners take down BlackSuit group’s infrastructure
BlackSuit has been among the most prolific ransomware gangs in recent years, targeting government agencies, critical manufacturing companies and healthcare firms.
By David Jones • Aug. 11, 2025 -
Cyber experts ponder a non-government future for the CVE program
Organizations supporting the security vulnerability program said it needed changes to improve stability and rebuild trust.
By Eric Geller • Aug. 11, 2025 -
CISA officials say agency is moving ahead despite workforce purge
Two senior officials defended the agency’s progress amid concerns about the effects of mass layoffs and budget cuts.
By Eric Geller • Aug. 8, 2025 -
US still prioritizing zero-trust migration to limit hacks’ damage
The zero-trust initiative, which gained steam during the Biden administration, is still underway.
By Eric Geller • Updated Aug. 7, 2025 -
CISA’s relationship with industry needs work to reestablish trust, experts say
Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry.
By David Jones • Aug. 6, 2025 -
Senate confirms Trump’s national cyber director nominee
Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration.
By Eric Geller • Aug. 3, 2025 -
DOJ reaches $9.8 million settlement with Illumina over cyber whistleblower claims
The U.S. alleged the company knowingly sold genetic-sequencing systems with software vulnerabilities to federal agencies.
By David Jones • Updated Aug. 1, 2025 -
FBI, CISA warn about Scattered Spider’s evolving tactics
International authorities are pursuing the group following the arrests of four suspects in a series of attacks targeting British retailers.
By David Jones • July 29, 2025 -
Retrieved from Senate Homeland Security Committee.
Senators push CISA director nominee on election security, agency focus
Sean Plankey said he would double down on CISA’s core mission and “allow the operators to operate.”
By Eric Geller • July 24, 2025 -
Trump AI plan calls for cybersecurity assessments, threat info-sharing
It remains unclear how federal agencies depleted by layoffs will be able to implement the strategy’s ambitious vision, which includes an ISAC dedicated to AI.
By Eric Geller • July 23, 2025 -
Lapsed CISA contract impedes national lab’s threat-hunting operations
The CyberSentry program remains operational, according to CISA, with analysts outside the lab continuing to review sensor data.
By Eric Geller • July 23, 2025 -
Deep Dive
Dwindling federal cyber support for critical infrastructure raises alarms
A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.
By Eric Geller • July 22, 2025 -
Top US senator calls out supply-chain risk with DoD contractors
The Senate Intelligence Committee chairman questioned the security of Microsoft’s “digital escort” arrangement with its Chinese employees.
By Eric Geller • Updated July 18, 2025 -
Pacheco, Isaac. Retrieved from U.S. Department of State / Flickr.
State Department cyber diplomacy firings and changes threaten US defenses
Departures and restructuring will make it harder for the agency to pursue global policies that strengthen U.S. critical infrastructure, experts said.
By Eric Geller • July 17, 2025 -
UK authorities arrest 4 people in probe of retail cyberattack spree
The arrests mark the first major break in a case linked to the Scattered Spider cybercrime group, although additional work continues with multiple agencies.
By David Jones • Updated July 10, 2025