Insights

28 Apr

From DMV to Wallet: Understanding Verifiable Digital Credential Issuance

Insights

In our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can function without an issuance process.  This blog post explores what it takes to issue verifiable digital credentials, with a focus on mobile driver’s licenses (mDLs). We’ll look at how issuance works today…

Read More
21 Apr

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

Data Breaches, Information, Insights

A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors. Buchanan’s hacker handle “Tylerb” once graced a…

Read More
20 Apr

​​Supply Chain Compromise Impacts Axios Node Package Manager​

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.  On March 31, 2026, two npm packages for versions axios@1.14.1 and axios@0.30.4 of Axios npm injected the malicious dependency plain-crypto-js@4.2.1 that downloads multi-stage payloads from cyber threat actor infrastructure, including…

Read More
14 Apr

Patch Tuesday, April 2026 Edition

Information, Insights

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft…

Read More
07 Apr

Russia Hacked Routers to Steal Microsoft Office Tokens

Information, Insights

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft said in a blog post today it identified more than 200 organizations and 5,000 consumer devices that were caught up…

Read More
05 Apr

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

Information, Insights

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021. Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German…

Read More
23 Mar

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

Information, Insights

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising…

Read More
23 Mar

Reflections from the Second NIST Cyber AI Profile Workshop

Insights

Thank you to everyone who participated in the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) Workshop in January! The input we received on the Preliminary Draft during this workshop has been invaluable and is informing the development of the next draft of the NIST Cyber AI Profile. We are working toward publishing a full workshop summary soon that captures themes and highlights from the event. In the interim, we would like to share…

Read More
20 Mar

All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.

Insights

Credit: NIST Workshop Details… We’re looking forward to hearing from the community during our “Future Directions” Workshop!  Date: March 31 – April 1, 2026Where: NIST’s Gaithersburg campus! Registration and Details: HERE Can’t make it? We still want to hear from you – email us at IoTSecurity [at] nist.gov (IoTSecurity[at]nist[dot]gov). All Aboard for Product Cybersecurity The NIST Cybersecurity for Internet of Things (IoT) Program was established to help real-world practitioners navigate the gray areas between IT and…

Read More
19 Mar

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Information, Insights

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline. Image: Shutterstock, @Elzicon. The Justice…

Read More