Federal audit reveals NIST’s NVD is plagued by poor planning and duplication
A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the ag...
Cyberscoop
20 articles
House panel poised to hold hearing centered on AI impact on cyber
It’s part of a series of examinations at the House Homeland Security Committee that now will include a public event. The post House panel poised to hold hear...
Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket
Michele Spagnuolo allegedly placed multiple trades on the prediction marketplace, abusing internal access to Google’s nonpublic data on the most searched peo...
Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious act...
OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms
The announcement builds on work from major tech firms in 2024 to combat AI-infused election chicanery. The post OpenAI heralds cybersecurity, election interf...
FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person
Silent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineerin...
UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace
Anne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in war...
CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that help...
Apple open-sources quantum-resistant encryption code
The release includes implementations of two quantum-secure algorithms and demonstrates how formal verification caught bugs that traditional testing would hav...
White House charts new course for federal agencies and cybersecurity logging
A Trump administration memo published last week replaces one from its predecessor, with at least one analyst fearful of potential harmful results. The post W...
Anthropic: Mythos finds more than 10,000 software flaws in first month
Early results show a tenfold jump in bug discovery at some partners, and a widening gap between finding flaws and fixing them. The post Anthropic: Mythos fin...
FBI warns about fast-growing phishing kit targeting Microsoft 365 users
Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled app...
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
Jacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison. The post Alleged leader of Kimwolf, a sw...
Lawmakers from both parties say CISA cuts have gone too far
Reps. Don Bacon, R-Neb.
Trump postpones executive order focused on AI security
Under a draft executive order, the NSA, Treasury Department and other federal agencies would get 90-days to test new models for cybersecurity and national se...
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. The post CISA chief frets ab...
European authorities take down prolific cybercrime VPN service
Officials arrested the alleged administrator of First VPN, seized its servers and domains. Europol said the service appeared in almost every major recent cyb...
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and ...
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders....
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension...