Federal Audit Reveals NIST’s NVD Is Plagued by Poor Planning and Duplication
The Department of Commerce’s inspector general flagged serious mismanagement at NIST’s National Vulnerability Database (NVD). A backlog of unprocessed flaws ballooned from roughly 13,000 in mid‑2024 to over 27,000 by the end of 2025, far exceeding the agency’s pledged processing rate. Analysts spend 80% of their time on redundant severity scoring and product identification, with scores matching independent evaluators only 12% of the time. Duplicate work with CISA has wasted about $200,000, prompting six corrective recommendations that NIST has accepted.
OpenAI Heralds Cybersecurity, Election Interference Safeguard Plans for 2026 Midterms
OpenAI announced a five‑point strategy to protect the 2026 U.S. midterm elections, focusing on reliable voting information, cybersecurity assistance, deep‑fake watermarking, strict policy enforcement, and reducing political bias in its models. The company is making its Codex Security and Trusted...
UK Spy Chief Labels AI ‘Unstoppable Force’ with Offensive, Defensive Ramifications for Cyberspace
UK intelligence chief Anne Keast‑Butler warned that artificial intelligence is an “unstoppable force” reshaping cyberspace, allowing technology to be weaponized just below the threshold of conventional warfare. She highlighted GCHQ’s recent rollout of defensive, agentic AI tools integrated into its...
Apple Open-Sources Quantum-Resistant Encryption Code
Apple has released the source code for two quantum‑secure algorithms, ML‑KEM and ML‑DSA, along with the formal verification tools used to prove their correctness. The implementations are integrated into Apple’s CoreCrypto library, which secures encryption, decryption, hashing, and digital signatures...
Trump Postpones Executive Order Focused on AI Security
President Donald Trump announced a postponement of an executive order that would have created a 90‑day voluntary testing and vetting regime for frontier AI models. The draft order would have empowered the NSA, Treasury and several cybersecurity agencies to evaluate...
Attackers Hit Vulnerabilities Hard Last Year, Making Exploits the Top Entry Point for Breaches
Verizon’s 2026 Data Breach Investigations Report shows exploits became the leading initial access vector, responsible for 31% of over 22,000 breaches—up from 20% the prior year. Only 26% of critical vulnerabilities in the CISA Known Exploited Vulnerabilities (KEV) catalog were...
Microsoft Disrupts Cybercrime Service that Abused Software Verification Systems en Masse
Microsoft’s Digital Crimes Unit secured a court order to dismantle Fox Tempest, a threat group that ran a malware‑signing‑as‑a‑service. The group sold more than 1,000 forged code‑signing certificates, charging up to $9,500 each, enabling ransomware gangs to bypass security controls....
AI Might Cut False Positives, but It Won’t Stop the Slop
Defenders are deploying powerful AI models such as Anthropic’s Mythos and OpenAI’s Daybreak, flooding bug bounty programs with a surge of vulnerability reports. GitHub has responded by tightening its definition of a “complete” report, citing a dramatic rise in AI‑generated...
Interpol Leads Cybercrime Crackdown Across 13 Countries in Middle East, North Africa
Interpol spearheaded Operation Ramz, a coordinated cybercrime crackdown across 13 Middle East and North Africa nations. The four‑month effort resulted in 201 arrests, the seizure of 53 servers and the identification of 382 suspects, disrupting phishing, malware and financial‑fraud services that...
Former CISA Nominee Sean Plankey Named US CEO of Defense Startup
Sean Plankey, the former nominee for CISA director, has been appointed U.S. chief executive officer of London‑based defense startup UFORCE. The company, formed from nine Ukrainian firms, recently reached a $1 billion valuation and is shifting production of combat drones and unmanned...
Pentagon Cyber Official Calls Advanced AI ‘Revolutionary Warfare’
Pentagon cyber policy chief Paul Lyons warned that frontier AI models such as Anthropic’s Mythos represent a "revolutionary warfare" shift, fundamentally altering both offensive and defensive cyber operations. The department has labeled Mythos a supply‑chain risk after Anthropic resisted Pentagon...
White House Cyber Official: Identity Security Matters More than Ever in the Age of AI
White House cyber official Nick Polk warned that as AI becomes embedded in federal IT, identity security is the critical gatekeeper against attacks. AI tools can speed up exploitation but still need valid credentials, making strong authentication and monitoring essential....
Researchers Say AI Just Broke Every Benchmark for Autonomous Cyber Capability
Researchers at the UK AI Security Institute and Palo Alto Networks found that Anthropic’s Claude Mythos Preview and OpenAI’s GPT‑5.5 have outpaced the previously observed doubling trend in autonomous cybersecurity task performance. In AISI’s cyber‑range simulations, Claude Mythos completed both...
Weaponized AI: The New Frontier of Fraud and Identity Spoofing
Enterprises are confronting a surge in AI‑generated fraud as criminals weaponize generative models to mass‑produce synthetic identities and deepfake impersonations. In the past 24 months, synthetic identities have risen 100‑fold and deepfake‑driven attacks sevenfold, with Deloitte forecasting U.S. AI‑enabled fraud...
Major World Economies Spell Out Key Elements of AI ‘Ingredients List’
A coalition of G7 government agencies released voluntary guidance on AI software bill of materials (SBOM), outlining the minimal elements an AI "ingredients list" should contain. The guidance expands on prior SBOM standards, covering model provenance, dataset lineage, infrastructure, cybersecurity...