Policy
-
US watchdog cites NIST for mismanaging vulnerability database, duplicate work
A Commerce inspector general report said NIST mismanaged the National Vulnerability Database, leaving a backlog of more than 27,000 unprocessed flaws and duplicating work with CISA. The agency agreed to fix six problems.
-
CISA adds exploited Langflow and Trend Micro flaws to vulnerability catalog
CISA added exploited flaws in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog on Thursday, citing active attacks. Federal civilian agencies must patch the issues by June 4, 2026.
-
Vietnam moves to build domestic cloud for government workloads
Vietnam plans to build a national cloud platform by 2030 to replace foreign cloud services for government workloads, according to a new decision that also targets data sovereignty, cybersecurity and broader digital state reforms.
-
Two US nationals sentenced for helping North Korea run laptop farms
Two U.S. nationals were sentenced to 18 months in prison for hosting laptops that helped North Korea’s remote IT worker scheme, which affected nearly 70 U.S. companies and generated about $1.2 million.
-
US commerce unit expands AI model testing agreements with Google, Microsoft and xAI
A US commerce unit has signed agreements with Google DeepMind, Microsoft and xAI to test frontier AI models before release, joining earlier deals with Anthropic and OpenAI as Washington weighs broader oversight.
-
FTC to bar Kochava from selling Americans’ location data without consent
The FTC will bar Kochava and its subsidiary from selling precise location data without explicit consent, settling a case over data tied to hundreds of millions of mobile devices and alleged tracking of sensitive places.
-
EU awards sovereign cloud tender worth up to 180 million euros
The European Commission awarded a cloud services tender worth up to €180 million over six years to four Europe-based provider groups, part of a wider effort to build sovereign cloud capacity for EU institutions and agencies.
-
European regulators largely excluded from early access to Anthropic’s Mythos model
European regulators have largely been excluded from early access to Anthropic’s Mythos cybersecurity model, while a small group of mostly U.S. tech companies and the UK AI Security Institute have been allowed to test it.
-
CISA adds six exploited flaws to Known Exploited Vulnerabilities catalog
CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, including flaws in Fortinet, Adobe and Microsoft products. Federal agencies face April 27, 2026 deadlines for most fixes.
-
FBI warns Americans about data risks from Chinese mobile apps
The FBI warned Americans about privacy and data security risks from foreign-developed mobile apps, especially those made by Chinese developers, saying some can collect extensive data and store it on servers in China.
