Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems and Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows.
Threat actors leveraged a prior compromise of Nx developer systems to compromise a GitHub employee’s device through a poisoned third-party VS Code extension, resulting in unauthorized access and exfiltration of internal GitHub repositories. The malicious extension version (18.95.0) was distributed through VS Code’s automatic update mechanism, meaning systems with Nx Console previously installed may have received the malicious build without developers taking any manual installation action. GitHub released a security advisory on this activity, and CVE-2026-48027 has been assigned to the malicious version of Nx Console and added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Additionally, in a campaign known as “Megalodon,” a cyber threat actor injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens, impacting both development and deployment pipelines in public GitHub repositories.
CISA urges organizations to implement the following recommendations to detect and remediate a potential compromise:
- Monitor and audit workflow files and contributor activity for suspicious pull requests and direct commits, particularly those authored by automated accounts.
- Revert unauthorized changes, especially those from automated accounts (e.g., build-bot, auto-ci, ci-bot, pipeline-bot) and those made after May 18, 2026.
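One way to run the audit described in the two recommendations above, as an added example that is not CISA's or GitHub's tooling: it parses `git log` output and flags commits that touch `.github/workflows/`, come from an automation-style account, and fall on or after the cutoff date. The log format string, the substring matching rule, the UTC reading of the cutoff and the sample log are assumptions made for this example.

```python
"""Triage workflow-file commits made by automation-style accounts.

Feed it the text produced inside the repository under review by:
  git log --name-only --format='>>%h%x09%an%x09%ae%x09%aI'
"""
from datetime import datetime, timezone

# Account names taken from the advisory text; extend with local build accounts.
SUSPECT_NAMES = ("build-bot", "auto-ci", "ci-bot", "pipeline-bot")
# Assumption: the May 18, 2026 cutoff is read as 00:00 UTC, which errs on the
# side of flagging more commits rather than fewer.
CUTOFF = datetime(2026, 5, 18, tzinfo=timezone.utc)
WORKFLOW_DIR = ".github/workflows/"


def parse_git_log(text):
    """Turn the log text into a list of commit dicts with their file lists."""
    commits = []
    for line in text.splitlines():
        if line.startswith(">>"):
            sha, name, email, when = line[2:].split("\t")
            commits.append({"sha": sha, "author": name, "email": email,
                            "when": datetime.fromisoformat(when), "files": []})
        elif line.strip() and commits:
            commits[-1]["files"].append(line.strip())
    return commits


def is_automation_account(name, email):
    """Case-insensitive substring match on author name and e-mail local part."""
    haystack = (name + " " + email.split("@", 1)[0]).lower()
    return any(s in haystack for s in SUSPECT_NAMES)


def suspicious_workflow_commits(text, cutoff=CUTOFF):
    """Return (sha, author, workflow_files) for commits that need review."""
    findings = []
    for c in parse_git_log(text):
        touched = [f for f in c["files"] if f.startswith(WORKFLOW_DIR)]
        if (touched and c["when"] >= cutoff
                and is_automation_account(c["author"], c["email"])):
            findings.append((c["sha"], c["author"], touched))
    return findings


# Constructed sample log (hashes, names and addresses are made up).
SAMPLE_LOG = "\n".join([
    ">>a1a1a1a\tci-bot\tci-bot@users.noreply.example\t2026-05-20T02:14:09+00:00",
    "",
    ".github/workflows/release.yml",
    "src/index.js",
    ">>b2b2b2b\tDana Lee\tdana.lee@example.com\t2026-05-21T10:00:00+00:00",
    "",
    ".github/workflows/test.yml",
    ">>c3c3c3c\tpipeline-bot\tpipeline-bot@example.com\t2026-04-02T08:00:00+00:00",
    "",
    ".github/workflows/build.yml",
    # Local date is May 17, but the commit time is May 18 03:30 UTC.
    ">>d4d4d4d\tBuild-Bot\t4242+build-bot@users.noreply.example\t2026-05-17T20:30:00-07:00",
    "",
    ".github/workflows/deploy.yml",
    ">>e5e5e5e\tauto-ci\tauto-ci@example.com\t2026-05-22T09:00:00+00:00",
    "",
    "README.md",
])

if __name__ == "__main__":
    for sha, author, files in suspicious_workflow_commits(SAMPLE_LOG):
        print(f"REVIEW {sha} by {author}: {', '.join(files)}")
```

Author name and e-mail in a commit are set by whoever creates it, so a hit is a lead for review against the hosting platform's audit log, not proof of which account pushed the change.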
If your organization discovers a compromise resulting from previously compromised GitHub or Nx Console software, CISA recommends the following steps:
- Conduct a forensics review of CI/CD logs, cloud audit trails, and affected developer machines.
- Rotate or revoke all credentials, tokens, and secrets accessible to CI/CD pipelines, including API keys, cloud provider credentials (Amazon Web Services, Google Cloud Platform, Microsoft Azure), SSH keys, Docker/npm/PyPI/Vault/Terraform/Kubernetes tokens, GitHub/GitLab/Bitbucket tokens, and developer or pipeline secrets.
- Notify proper stakeholders if necessary.
CISA recommends the following best practices for using package repos:
- Wait at least three hours before pulling a new package. This gives the software community time to identify suspicious or malicious packages before they are widely downloaded.
- Pin software to specific trusted versions. Pinning software prevents pulling a malicious or unscreened package during the build process.
- Only pull packages from known and trusted sources. Relying on known and trusted sources reduces the likelihood of downloading a package that has been maliciously forked.
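The three practices above, applied to an npm project as an added example (not code from CISA or from npm): one pass over the manifest, the lockfile and the registry's publish timestamps reports unpinned version ranges, tarballs resolved from hosts outside an allowlist, and versions published less than three hours ago. The choice of npm, the trusted-host allowlist and all package names and timestamps are assumptions made for this example.

```python
"""Check an npm manifest and lockfile against three package-repo practices:
pinned versions, trusted sources, and a three-hour wait after publication.
All package names, hosts and timestamps below are constructed sample data."""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

MIN_AGE = timedelta(hours=3)            # waiting period from the guidance
TRUSTED_HOSTS = {"registry.npmjs.org"}  # assumption: add internal mirrors here
# An exact semantic version; ranges such as ^1.2.3, ~1.2, * or "latest" fail.
EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def parse_time(stamp):
    """Parse a registry timestamp such as 2026-05-20T09:30:00.000Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def audit(manifest, lock, publish_times, now):
    """Return (package, issue, detail) tuples; an empty list means no findings."""
    findings = []
    for name, spec in sorted(manifest.get("dependencies", {}).items()):
        if not EXACT.match(spec):
            findings.append((name, "unpinned", spec))
    for path, entry in sorted(lock.get("packages", {}).items()):
        if not path:  # the "" key is the root project itself
            continue
        name = path.split("node_modules/")[-1]
        version = entry.get("version", "")
        url = urlparse(entry.get("resolved", ""))
        # Compare the parsed hostname, not a string prefix, so that a
        # look-alike host that merely starts with a trusted name is rejected.
        if url.scheme != "https" or url.hostname not in TRUSTED_HOSTS:
            findings.append((name, "untrusted-source", url.hostname or "none"))
        published = publish_times.get(name, {}).get(version)
        if published is None:
            findings.append((name, "publish-time-unknown", version))
        elif now - parse_time(published) < MIN_AGE:
            findings.append((name, "too-new", version))
    return findings


# Constructed inputs: package.json, package-lock.json ("packages" map) and
# the per-version publish times a registry reports for each package.
MANIFEST = {"dependencies": {
    "left-pad-example": "1.3.0",
    "fast-parse-example": "^2.1.0",
    "tiny-log-example": "4.0.1",
}}
LOCK = {"packages": {
    "": {"name": "demo-app", "version": "0.1.0"},
    "node_modules/left-pad-example": {
        "version": "1.3.0",
        "resolved": "https://registry.npmjs.org/left-pad-example/-/left-pad-example-1.3.0.tgz"},
    "node_modules/fast-parse-example": {
        "version": "2.1.4",
        "resolved": "https://registry.npmjs.org.mirror.example/fast-parse-example/-/fast-parse-example-2.1.4.tgz"},
    "node_modules/tiny-log-example": {
        "version": "4.0.1",
        "resolved": "https://registry.npmjs.org/tiny-log-example/-/tiny-log-example-4.0.1.tgz"},
}}
PUBLISH_TIMES = {
    "left-pad-example": {"1.3.0": "2026-01-10T12:00:00.000Z"},
    "fast-parse-example": {"2.1.4": "2026-03-02T08:15:00.000Z"},
    "tiny-log-example": {"4.0.1": "2026-05-20T09:30:00.000Z"},
}
NOW = datetime(2026, 5, 20, 11, 0, tzinfo=timezone.utc)  # constructed build time

if __name__ == "__main__":
    for finding in audit(MANIFEST, LOCK, PUBLISH_TIMES, NOW):
        print(*finding)
```

Run as a pre-install gate in the build, a non-empty result fails the job before any package code is fetched or executed.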

CISA, NCSC-UK and Partners Release Cybersecurity Advisory on Chinese Government-Linked Covert Networks

CISA and the United Kingdom’s National Cyber Security Centre, in collaboration with other federal and international partners, have released a cybersecurity advisory, Defending Against China-nexus Covert Networks of Compromised Devices, providing network defenders with vital tools and resources to combat the threat posed by Chinese government-linked threat actors’ use of covert networks of compromised devices.
The advisory outlines tactics, techniques, and procedures associated with Chinese government-linked covert networks built from compromised small-office-home-office routers, Internet of Things, and smart devices. It explains how threat actors leveraging these covert networks, including those previously tied to groups such as Volt Typhoon and Flax Typhoon, use large scale botnet infrastructure to obscure attribution and enable reconnaissance, intrusion, command-and-control, and data exfiltration.
The advisory provides tailored defensive guidance for cyber defenders to identify, baseline, and mitigate activity originating from dynamic, deniable covert networks to reduce the risk of organizational compromise.
CISA and partners recommend the following steps to protect against this threat:
• Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connected to them.
• Baseline normal connections, especially to corporate VPNs or other similar devices.
• Maintain log collection and storage solutions to assist with detecting and responding to unauthorized access attempts.
• Implement multifactor authentication for remote connections.
For more information on Chinese government-linked threat actor activity, please visit CISA's China Threat Overview and Advisories page.

CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols

CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can’t Authenticate. This guidance highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand:
1. What motivates owners and operators to secure communication, and
2. What barriers prevent successful adoption from design through deployment and operations.
Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Securing these protocols requires solutions that are practical for current operators as well as cyber experts. Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities.
For OT Owners and Operators:
• Learn why message signing is the foundation for secure OT communication and when encryption is essential.
• Discover practical strategies for phased adoption of secure protocols to minimize operational risk.
• Identify which OT communications should be prioritized for enhanced security and resilience.
• Explore ways to simplify secure workflows and key management for easier implementation.
For Manufacturers:
• Gain insights from customer research to reduce customer friction and deliver more usable, secure products.
• Explore actionable recommendations to address cost and complexity barriers to secure communication.
• Learn how usability metrics like deployment time and ease of integration can differentiate your solutions and accelerate adoption.
CISA encourages critical infrastructure organizations and OT manufacturers to review and implement the recommendations in this guidance.

Ignitis Gamyba Allocates €1.1 Million in Humanitarian Aid for Ukraine’s Critical Infrastructure

From September 2024 to this October, Ignitis Gamyba allocated €1.1 million in humanitarian aid to support the restoration of Ukraine’s war‑damaged energy infrastructure. According to the European Commission, this is the largest logistical operation it has ever coordinated.
In just over a year, 145 lorries loaded with equipment were dispatched from the Vilnius TE‑3 Combined Heat and Power Plant. According to the company’s calculations, a total of 2,681 tonnes of equipment have been allocated for humanitarian aid.
“In this challenging period, as Ukraine experiences continued russian aggression and the destruction of its energy infrastructure, we remain firmly committed to supporting the Ukrainian people. Lithuania’s initiative to relocate a full thermal power plant, with a combined heat and electricity capacity of nearly 1,000 MW, to Ukraine through the EU Civil Protection Mechanism is a powerful example of solidarity and cooperation. A thermal power plant of this size can provide heating for approximately half of Vilnius households. This support is necessary to rebuild the energy sector, which is vital to the daily lives of Ukrainians. I am sincerely grateful to all the countries, companies and institutions involved in this massive project. This operation only became possible through the efforts of all of our partners,” says Minister of Energy Žygimantas Vaičiūnas.
The principal activities of Ignitis Gamyba’s TE‑3 were suspended in 2015 due to high operating costs and an assessment that operation of the power units would not have a significant impact on the stability of the electric power system.
“For more than 30 years, this power plant provided heating for roughly half of Vilnius households. Now it is no longer being used, but the equipment we preserved and kept operational was able to contribute to restoring vital functions in Ukraine,” said Ignitis Group CEO Darius Maikštėnas.
The transfer of equipment was officially confirmed on 15 July 2024, following the signing of a support agreement between Ignitis Gamyba and the electricity distribution network operator in Ukraine. For security reasons, more detailed information about the aid being provided, including the exact names of the equipment as well as the power plants it will be going to, cannot be disclosed.

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in a cyber incident. The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS.
A malicious cyber actor(s) gained initial access in this incident through vulnerable internet-facing edge devices, subsequently deploying wiper malware and causing damage to remote terminal units (RTUs). The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them according to their intended design.
CERT Polska’s incident report highlights:
- Vulnerable edge devices remain a prime target for threat actors.
  - As indicated by CISA’s Binding Operational Directive (BOD) 26-02: Mitigating Risk From End-of-Support Edge Devices, end-of-support edge devices pose significant risks.
- OT devices without firmware verification can be permanently damaged.
  - Operators should prioritize updates that allow firmware verification when available; if updates are not immediately feasible, ensure that cyber incident response plans account for inoperative OT devices to mitigate prolonged outages.
- Threat actors leveraged default credentials, a vulnerability not limited to specific vendors, to pivot onto the HMI and RTUs.
  - Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future.
CISA and the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (DOE CESER) urge OT asset owners and operators to review the following resources for more information about the malicious activity and mitigations:
- CERT Polska’s Energy Sector Incident Report - 29 December 2025.
- CISA’s joint fact sheet with FBI, EPA, and DOE Primary Mitigations to Reduce Cyber Threats to Operational Technology.
- DOE’s Energy Threat Analysis Center’s threat advisories.

Draft NIST Guidelines Rethink Cybersecurity for the AI Era

Artificial intelligence (AI) is impacting many organizations’ activities, and cybersecurity is no exception. For anyone interested in the opportunities and risks at the intersection of cybersecurity and AI, the National Institute of Standards and Technology (NIST) has released a preliminary draft of its Cyber AI Profile.
The publication, whose full title is the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), offers guidelines for using the NIST Cybersecurity Framework (CSF 2.0) to accelerate the secure adoption of AI. The profile helps organizations think about how to strategically adopt AI while addressing emerging cybersecurity risks that stem from AI’s rapid advance.
“Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement,” said Barbara Cuthill, one of the profile’s authors.
The draft resulted from a yearlong effort on the part of NIST cybersecurity and AI experts. Over that time, more than 6,500 individuals have joined the community of interest to contribute to NIST’s development of the profile. After releasing an initial concept paper in February 2025, conducting a workshop the following April, and hosting a series of community of interest meetings in the summer, NIST is now releasing the preliminary draft of the profile for a 45-day public comment period.
The Cyber AI Profile centers on three focus areas:
- Securing AI systems: identifying cybersecurity challenges when integrating AI into organizational ecosystems and infrastructure
- Conducting AI-enabled cyber defense: identifying opportunities to use AI to enhance cybersecurity, and understanding challenges when leveraging AI to support defensive operations
- Thwarting AI-enabled cyberattacks: building resilience to protect against new AI-enabled threats
“The three focus areas reflect the fact that AI is entering organizations’ awareness in different ways,” Cuthill said. “But ultimately every organization will have to deal with all three.”
The Cyber AI Profile can help organizations use the CSF to crystallize their cybersecurity goals with respect to AI and CSF 2.0. The profile offers insights to help organizations understand, examine and address the cybersecurity concerns related to AI and thoughtfully integrate AI into their cybersecurity strategies.
NIST uses the term “community profile” to describe the application of CSF 2.0 to address shared interests and goals among organizations. The Cyber AI Profile joins other community profiles that NIST has created for the manufacturing, financial and telecommunications communities, among others.
The preliminary draft release is intended to seek feedback from the public to inform an initial public draft, which Cuthill says will further refine the profile and include mapping of additional relevant resources to the CSF. Following the 45-day comment period, NIST plans to develop the initial public draft for release in 2026.
When finalized, the profile will help organizations incorporate AI into their cybersecurity planning by suggesting key actions to prioritize, highlighting special considerations from specific parts of the CSF when considering AI, and providing mappings to other NIST resources, including the AI Risk Management Framework.
Cuthill said the authors hope to continue developing the profile as a tool that will prove useful to the community.
“The Cyber AI Profile is all about enabling organizations to gain confidence on their AI journey,” she said. “We hope it will help them feel equipped to have conversations about how their cybersecurity environment will change with AI and to augment what they are already doing with their cybersecurity programs.”

NIST Launches Centers for AI in Manufacturing and Critical Infrastructure

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence (AI). Through this award, NIST is investing $20 million to establish two centers to advance the delivery of AI-based technology solutions to strengthen U.S. manufacturing and cybersecurity for critical infrastructure.
“This investment will help accelerate the application of AI in American manufacturing and help drive the American manufacturing renaissance,” said Deputy Secretary of Commerce Paul Dabbar. “We can harness AI to increase the competitiveness of our manufacturers and attract investment in America.”
The award is an important step in implementing NIST’s Strategy for American Technology Leadership in the 21st Century to accelerate the progress of critical and emerging technologies from development to adoption, in close partnership with U.S. industry.
“Our goal is to remove barriers to American AI innovation and accelerate the application of our AI technologies around the world,” said Acting Under Secretary of Commerce for Standards and Technology and Acting NIST Director Craig Burkhardt. “This new agreement with MITRE will focus on enhancing the ability of U.S. companies to make high-value products more efficiently, meet market demands domestically and internationally, and catalyze discovery and commercialization of new technologies and devices.”
The AI Economic Security Center for U.S. Manufacturing Productivity and the AI Economic Security Center to Secure U.S. Critical Infrastructure from Cyberthreats will drive the development and adoption of AI-driven tools, or “agents,” in these two national priority areas. The centers will develop the technology evaluations and advancements that are necessary to effectively protect U.S. dominance in AI innovation, address threats from adversaries’ use of AI, and reduce risks from reliance on insecure AI.
NIST will rely on existing resources to build on its expertise and carry forward recommendations in the White House’s July 2025 America’s AI Action Plan, including Pillar I: Accelerate AI Innovation and Pillar II: Build American AI Infrastructure.
These are important first steps in NIST’s programmatic plan to coordinate innovation-based research efforts for accelerating the development and deployment of critical technologies in areas of national priority. Building on its long history of public-private collaboration, NIST plans to use adaptive and flexible partnerships to develop, pilot and implement new advances to establish U.S. leadership and innovation in critical and emerging technologies such as AI, quantum information science and technology, and biotechnology.
The partnership will leverage MITRE’s long-standing mission to operate federally funded research and development centers. NIST expects the AI centers to enable breakthroughs in applied science and advanced technology and deliver disruptive innovative solutions to tackle the most pressing challenges facing the nation.
This agreement expands NIST’s portfolio of AI-focused programs and builds on the private-public partnerships leveraged by the Center for AI Standards and Innovation (CAISI), which leads evaluations of U.S. and adversary systems and contributes to NIST’s efforts to develop best practices. CAISI has established voluntary agreements with multiple developers of leading-edge or “frontier” AI models to enable collaborative research and voluntary testing of industry models for priority national security capabilities.
In the coming months, NIST plans to announce its award for the AI for Resilient Manufacturing Institute, through the Manufacturing USA program. With up to $70 million in investment over a five-year period from NIST and at least that much in nonfederal funding, the institute will bring together expertise in AI, manufacturing and supply chain networks to promote manufacturing resilience.
Combined, these efforts will enhance NIST’s core research, standards and technology mission to tackle barriers preventing U.S. innovation and leadership in AI.

NSA Releases First in Series of Zero Trust Implementation Guidelines

The National Security Agency (NSA) is releasing the first two products in a series of Zero Trust Implementation Guidelines (ZIGs) to provide practical, actionable recommendations to facilitate the implementation of Zero Trust (ZT).
This series of reports outlines the steps to implement the technologies and processes that support achieving the Target-level ZT Capabilities, Activities, and Expected Outcomes described in the Department of War (DoW) CIO ZT Framework.
The Primer and Discovery Phase are the gateway to ZT implementation, providing guidance and direction to ensure organizations are fully equipped to digest and implement the Phase 1 and Phase 2 ZIGs upon their release.
The Primer outlines the strategy and principles used to develop the ZIGs and provides a holistic approach to maximizing the usage of the series. Notably, the ZIGs are designed to be modular, allowing organizations at different levels of ZT maturity to select and implement the capabilities most relevant to the needs of their environment.
The Discovery Phase is intended to help organizations establish foundational visibility and understand the critical data, applications, assets, and services, as well as access and authorization activity existing within the architecture. The goal of this initial phase is to enable informed prioritization and planning by creating a reliable baseline that supports effective ZT implementation.
System owners, cybersecurity professionals, and stakeholders should review these foundational guidelines to gain a deeper understanding of ZT activities and their organization’s operational landscape in preparation for the release of the Phase 1 and Phase 2 ZIGs.

CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals

New Benchmarks Empower Organizations to Counter Emerging Threats, Build Cyber Resilience, and Strengthen Governance
The Cybersecurity and Infrastructure Security Agency (CISA) released version 2.0 of its Cross-Sector Cybersecurity Performance Goals (CPGs), offering organizations a more robust framework for integrating cybersecurity into daily operations. The updated CPGs align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, incorporate three years of operational insights, and address emerging threats through data-driven, actionable guidance. These enhancements are designed to promote accountability, improve risk management, and support strategic cybersecurity governance across sectors.
The Cross-Sector CPGs represent a targeted subset of best practices, carefully selected through extensive consultation with industry leaders, government stakeholders, and cybersecurity experts. Designed to meaningfully reduce risks to critical infrastructure and safeguard the American public, these goals offer a practical starting point for small and medium-sized organizations. By focusing on a limited set of high-impact actions, the CPGs help prioritize cybersecurity investments that deliver measurable improvements in resilience and risk reduction.
The updated goals offer expanded and clarified guidance across key cybersecurity domains—including account and device security, data protection, governance, vulnerability management, supply chain risk, and incident response and recovery. Building on the foundation of version 1.0.1, CPG 2.0 introduces several notable improvements:
- Governance Emphasis: A new “Govern” function underscores the critical role of organizational leadership in cybersecurity, regrouping existing goals and introducing two new ones focused on risk management strategy, policy development, and executive accountability.
- Unified Goal Structure: Operational Technology (OT) and Information Technology (IT) goals are now consolidated into universal goals, eliminating silos across IT, Internet of Things (IoT), and OT environments.
- Threat-Responsive Expansion: New goals address emerging threats, third-party risk, zero trust architecture, and incident communication protocols.
- Streamlined Framework: Redundant, unclear, or underutilized goals have been removed to improve clarity and usability.
- Enhanced Documentation: Each goal now includes clearer methodology and supporting materials to reduce guesswork and improve implementation.
“Over the past year, CISA has engaged extensively with hundreds of stakeholders across both the public and private sectors to ensure the updated goals reflect real-world challenges and operational realities,” said Madhu Gottumukkala, Acting CISA Director. “Version 2.0 demonstrates our commitment to listening to and incorporating partner feedback to deliver practical, outcome-driven guidance that organizations can act on. These goals are applicable across all critical infrastructure sectors and offer foundational protection for organizations regardless of their cybersecurity maturity. We encourage all organizations to adopt the new CPGs and continue sharing feedback to help us refine future iterations.”
The Cross-Sector CPGs serve three primary purposes:
- Provide measurable actions that critical infrastructure entities can take to achieve a basic level of cybersecurity.
- Bridge communication gaps between IT/OT technical staff and organizational leadership to align on cybersecurity priorities.
- Support strategic planning by offering clear guidance that informs both near- and long-term cybersecurity investments.
CISA encourages organizations to adopt the voluntary Cross-Sector CPGs. To learn more about the updated Cybersecurity Performance Goals and how they can support your organization’s cybersecurity program, visit Cross-Sector Cybersecurity Performance Goals and Objectives.

Mistaking AI vulnerability could lead to large-scale breaches, NCSC warns

NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
The National Cyber Security Centre (NCSC) – a part of GCHQ – has shared critical insights cautioning cyber security professionals against comparing prompt injection and more classical application vulnerabilities classed as SQL injection.
A new blog advises that, contrary to first impressions, prompt injection attacks against generative artificial intelligence applications may never be totally mitigated in the way SQL injection attacks can be.
Unlike SQL mitigation techniques, which hinge on enforcing a clear separation between data and instructions, prompt injection exploits the inability of large language models (LLMs) to distinguish between the two.
Without action addressing this misconception, the NCSC warns, websites risk falling victim to data breaches exceeding those seen from SQL injection attacks in the 2010s, impacting UK businesses and citizens into the next decade.
Backing proactive adoption of cyber risk management standards, the NCSC challenges claims that prompt injections can be ‘stopped’.
Instead, it suggests efforts should turn to reducing the risk and impact of prompt injection and driving up resilience across AI supply chains.
As AI technologies become embedded in more UK business operations, the NCSC calls on AI system designers, builders and operators to take control of manageable variables, acknowledging that LLM systems are “inherently confusable” and their risks managed in different ways.