Security policy changes, regulatory updates, and compliance-relevant developments.
14 items
The EU court's adviser has ruled that banks must immediately refund phishing victims, even if the victim was negligent. This decision could significantly impact financial institutions' liability policies and cybersecurity measures.
The Trump administration's cyber strategy focuses on strengthening deterrence against adversaries, modernizing federal networks, protecting critical infrastructure, and investing in emerging technologies like AI and post-quantum cryptography.
EC-Council has introduced new AI-related certifications to enhance the U.S. cybersecurity workforce's readiness, reflecting growing demand for AI expertise in security.
EC-Council introduced four new AI certifications and updated its Certified CISO program to help bridge the gap between AI adoption and workforce readiness, particularly in the U.S. where 700,000 workers need reskilling.
CISA's 2025 cybersecurity year-in-review report documents a record 97 zero-day vulnerabilities exploited in the wild and identifies edge device exploitation and ransomware as the top threats to critical infrastructure.
NIST released final guidelines for organizations to transition from classical to post-quantum cryptographic algorithms, establishing timelines and priorities for migration across different use cases.
The EU Cyber Resilience Act's vulnerability reporting obligations take effect, requiring manufacturers of products with digital elements to report actively exploited vulnerabilities within 24 hours.
An expanded international law enforcement operation seized remaining LockBit ransomware infrastructure, arrested additional administrators, and released decryption keys benefiting thousands of victims.
PyPI now requires all newly published packages to include build provenance attestations using Sigstore, marking a major milestone in supply chain security for the Python ecosystem.
Google Cloud began enforcing mandatory multi-factor authentication for all user accounts, completing a phased rollout that started in late 2024 and affecting millions of cloud platform users worldwide.
CISA and NSA published joint guidance addressing security risks of AI system deployment in critical infrastructure, covering supply chain, model integrity, and adversarial attack mitigations.
The US Department of Justice announced federal charges against additional members of the Scattered Spider cybercriminal group responsible for high-profile social engineering attacks against major US corporations.
CISA and FBI publish joint guidance urging software manufacturers to adopt memory-safe programming languages and practices to eliminate buffer overflow vulnerabilities at their source.
CISA has issued an emergency directive ordering federal agencies to mitigate Ivanti Connect Secure vulnerabilities amid widespread exploitation by nation-state actors.