Policy
-
NIST Revamps Security Controls to Tighten Software Updates and Patch Management
NIST has revised its Security and Privacy Control Catalog to strengthen software update and patch management, introducing changes aimed at better incident response, root-cause analysis, and cyber resiliency to reduce the window of exposure in software supply chains.
-
Healthcare Services Group breach affects more than 624,000 individuals
Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
-
SSA whistleblower alleges DOGE duplicated NUMIDENT in unauthorized cloud, risking Americans’ data
A government whistleblower alleges that DOGE, a non-official federal client, copied the NUMIDENT database into an unauthorized cloud environment, risking all Americans’ Social Security data, with additional claims of improper access and potential privacy violations.
-
Interpol-led Africa cybercrime crackdown nets 1,209 arrests, $97.4 million recovered
Interpol says authorities across 18 African countries arrested 1,209 cybercriminals in the second phase of Operation Serengeti 2.0, recovering $97.4 million and dismantling thousands of illicit infrastructures as part of a broad cross-border crackdown on ransomware, online scams and business email compromise.
-
Microsoft restricts Chinese firms’ access to vulnerability warnings amid SharePoint attacks
Microsoft has restricted certain Chinese firms from its vulnerability early warning program after concerns that data could be linked to a wave of SharePoint server attacks, sparking debate over governance and the global sharing of threat intelligence.
-
UK Drops Apple Backdoor Mandate as U.S. Vows to Protect Americans’ Civil Liberties over Encryption
The U.K. reportedly abandoned a government plan to compel Apple to weaken encryption and enable a backdoor, signaling a shift in how authorities approach access to encrypted data while U.S. officials emphasize protecting civil liberties for Americans.
-
N-able N-central: More Than 800 On-Premises Servers Remain Unpatched as Two Critical Flaws See Active Exploitation
More than 800 N-able N-central servers remain unpatched against two critical, actively exploited flaws (CVE-2025-8875 and CVE-2025-8876), prompting federal and private-sector action as researchers warn that thousands of instances remain exposed online. Patch guidance and regulatory responses are being rolled out as investigations continue into the scope of exploitation.
-
Dutch Public Prosecution Service Begins Phased Relaunch After Cyberattack Delays Speed-Camera Network
Dutch prosecutors have begun a phased relaunch after a July cyberattack tied to Citrix vulnerabilities, with dozens of speed cameras still offline. The outage follows the first step in restoring services, including email access, as authorities coordinate with the judiciary and victim-support organizations amid ongoing concerns about system-wide interconnections.
-
NIST proposes AI security overlays built on SP 800-53, invites public feedback
NIST published a concept paper proposing a framework of AI security overlays built on SP 800-53 and opened a public call for input, detailing use cases like generative, predictive, and agentic AI while inviting feedback through COSAIS channels.
-
CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway
U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.
