Register Now! NCCoE Manufacturing Cybersecurity Response and Recovery Project Update Webinar
Reserve Your Virtual Seat: NCCoE Manufacturing Project Update The NIST NCCoE will host a virtual event on June 4, 2026, to provide an overview of upcoming guidelines on improving cybersecurity incident response and recovery capabilities for organizations operating industrial control systems (ICS) and operational technology (OT) environments. This event will highlight approaches organizations can use …
Continue reading Register Now! NCCoE Manufacturing Cybersecurity Response and Recovery Project Update WebinarThu, 28 May 2026 17:17:17 +0000
NIST Releases SP 800-172r3 and SP 800-172Ar3: Enhanced Security Requirements and Assessment Procedures for Protecting CUI
As part of ongoing efforts to strengthen protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following final publications: In addition to these documents, NIST is also releasing both the enhanced security requirements and assessment procedures in the Cybersecurity and Privacy Reference Tool (CPRT) and in Open Security Controls Assessment …
Continue reading NIST Releases SP 800-172r3 and SP 800-172Ar3: Enhanced Security Requirements and Assessment Procedures for Protecting CUIThu, 28 May 2026 17:16:30 +0000
Uptick in Compromised Airline Accounts and Loyalty Fraud
Airline accounts contain a wealth of sensitive data, including passenger names, contact information, passport numbers, and financial information. These accounts may be linked to loyalty programs that allow passengers to earn miles or points that serve as a form of currency. These accumulated miles or points can be redeemed for free or discounted flights, seat …
Continue reading Uptick in Compromised Airline Accounts and Loyalty FraudThu, 28 May 2026 17:15:20 +0000
Multiple Vulnerabilities in NGINXCould Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in NGINX. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending crafted HTTP requests. Additionally, for systems with Address Space Layout Randomization (ASLR) …
Continue reading Multiple Vulnerabilities in NGINXCould Allow for Remote Code ExecutionThu, 28 May 2026 17:13:50 +0000
New NIST Draft Publication: Responding to and Recovering from a Cyber Attack
Now Available for Public Comment!NIST SP 1800-41, Responding to and Recovering from a Cyber Attack The NIST National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST Special Publication 1800-41, Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector, which provides guidelines on response and recovery activities …
Continue reading New NIST Draft Publication: Responding to and Recovering from a Cyber AttackThu, 28 May 2026 17:12:14 +0000
Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
The Federal Bureau of Investigation (FBI) issued this Public Service Announcement (PSA) to warn the public about an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the …
Continue reading Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access TokensThu, 28 May 2026 17:11:14 +0000
First VPN Service Used by Ransomware Actors to Compromise Systems
The Federal Bureau of Investigation (FBI) released this FBI Liaison Alert System (FLASH) to disseminate indicators of compromise (IOCs) and identified tactics, techniques, and procedures (TTPs) associated with the First VPN Service. The service has been active since approximately 2014 and currently provides 32 exit node servers in 27 countries. At least 25 ransomware groups, such …
Continue reading First VPN Service Used by Ransomware Actors to Compromise SystemsThu, 28 May 2026 17:09:34 +0000
Deadline Two Days Away: New Funding to Fuel Your Cybersecurity Workforce Development Efforts
On April 14, 2026, NIST announced a new Notice of Funding Opportunity (NOFO) to support Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) cybersecurity education and workforce development. The funding expands the existing RAMPS program and anticipates awarding up to sixteen (16) new awards of up to $200,000 through cooperative agreements. The authorized period of …
Continue reading Deadline Two Days Away: New Funding to Fuel Your Cybersecurity Workforce Development EffortsThu, 28 May 2026 17:08:20 +0000
Register Now: NIST Workshop on Hardware CPE and CVSS Updates – June 22, 2026
Register now for the NIST Workshop on Hardware CPE and CVSS Updates NIST will host a workshop on proposed updates to Common Platform Enumeration (CPE) and the Common Vulnerability Scoring System (CVSS) for hardware. The workshop gathers community feedback on draft revisions to how hardware is identified and how hardware vulnerabilities are scored, and that …
Continue reading Register Now: NIST Workshop on Hardware CPE and CVSS Updates – June 22, 2026Thu, 28 May 2026 16:44:08 +0000
Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup
The Federal Bureau of Investigation (FBI) issued this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA ) website in advance of the 2026 FIFA World Cup. A spoofed website is designed to pose as a legitimate website, with branding, …
Continue reading Threat Actors Spoofing FIFA Websites in Advance of the 2026 World CupThu, 28 May 2026 16:33:21 +0000