#critical-infrastructure

#critical-infrastructure

The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America's critical infrastructure - primarily via old Cisco kit, it seems. The alert directly connects them to reports of the Russian Federal Security Service's (FSB) Center 16 - aka Berserk Bear - accused of using a flaw (CVE-2018-0171) Cisco patched in 2018, but attackers recently exploited it in the Salt Typhoon hacking campaign,

A Deutsche Bahn (DB) spokeswoman told the dpa news agency that the fire appeared to have been fueled by an accelerant. Initial findings indicated cable sheathing had been set on fire near railway switches the mechanisms that let a train move from one track to another. Police described it as a "switch fire" that was large enough to have been noticed by a nearby resident who informed authorities shortly before midnight.

Let's dig into what this really means, why it matters, and where we go from here. But then I thought a bit more. It's not just necessary-it's overdue. And not only for national security systems. This gap in software understanding exists across nearly every enterprise and agency in the public and private sector. The real challenge is not recognizing the problem. It's addressing it early, systemically and sustainably-especially in a DevSecOps context.

At least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping.

ENISA found a need to align requirements across borders in each NIS sector, emphasizing that collaboration must be strengthened through community building events and cooperation.

The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months.