The leadership structure, commonly referred to as the “dual-hat” arrangement, assigns a single individual to oversee both organizations.
The post Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command appeared first on SecurityWeek.
CISA is currently operating at roughly 38% capacity (888 out of 2,341 staff) due to the DHS shutdown that began February 14, 2026.
The post CISA Navigates DHS Shutdown With Reduced Staff appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: vulnerabilities at 277 water systems, DoD employee acting as money mule, 200 airports exposed by flaw.
The post In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M Fine appeared first on SecurityWeek.
Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.”
The post Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack appeared first on SecurityWeek.
Edge devices that are no longer supported have been targeted in attacks by state-sponsored hackers, the US says.
The post Organizations Urged to Replace Discontinued Edge Devices appeared first on SecurityWeek.
The news comes after the Department of Energy conducted its annual Liberty Eclipse cybersecurity exercise.
The post 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel appeared first on SecurityWeek.
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155.
The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42.
Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China.
The post Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries appeared first on SecurityWeek.
For over 90 years, the Royal Air Forces Association (RAFA) has championed a simple yet profound belief: No member of the RAF community should ever be left without the help they need. Serving personnel, veterans and their families, the RAF Association provides crucial welfare support, responding to increasingly complex needs in an era of operational changes and challenges, including persistent global deployment.
Delivering on their mission today requires not only compassion and expertise but also resilient digital foundations. To strengthen and future-proof its operations, RAFA has entered into a strategic partnership with Palo Alto Networks. Together, we are modernising the Association's cyber security posture through a secure-by-design, zero trust architecture to enhance organisational resilience, secure sensitive beneficiary data, and improve operational agility. This helps ensure they can focus on their mission of support, not security management.
As Nick Bunting OBE, Secretary General at the RAF Association, puts it:
Cybersecurity is essential to safeguarding the trust people place in our organisation. This transformation will give us greater protection for our data and systems, ensuring that our services remain dependable and that our organisation is secure, resilient and ready for the future. Strong digital security is not just a technical requirement, it is a fundamental part of how we uphold our duty of care to every individual who relies on us.
The RAF Association operates in a distributed environment comprising headquarters’ functions, remote caseworkers, and more than 20 RAFAKidz nursery sites, supported by a growing portfolio of cloud-based services. In this context, cybersecurity is not simply an IT concern. It is a safeguarding imperative.
Disruption to systems or a compromise of sensitive beneficiary data could directly impact RAFA’s ability to deliver services and maintain the trust of the communities it supports. By consolidating fragmented legacy tools into a unified platform, this partnership ensures the Association’s digital evolution aligns security controls with GDPR obligations and safeguarding requirements.
To support RAFA's lean IT operational model, this transformation will move them away from fragmented legacy tools toward a unified platform approach. The deployment of Prisma® SASE (secure access service edge) and Cortex XDR® will provide RAFA with consistent visibility and control across users, devices, applications and data, regardless of location. This consolidation replaces complexity with clarity, allowing the organisation to inspect traffic for threats in real-time. Security policies are now enforced continuously, threats are detected and contained faster, and access to critical systems is governed by zero trust principles without compromising the user experience.
As Phil Sherwin, Chief Information Officer, at the RAF Association states:
Our data is one of our most valuable assets and the protection of that data, as we continue to provide life-changing support to members of the RAF community, is our most important priority. This partnership will move us into the next generation of security tools that adopt zero trust principles and is a crucial step on our journey to providing a layered approach to data protection.
One of the most critical aspects of this modernisation is supporting RAFA’s diverse workforce, particularly within the RAFAKidz nursery sites. These environments rely on nondesk-based staff using iPads and mobile devices to get their critical work done.
Using zero touch provisioning and the Prisma Browser™, we are enabling secure, seamless connectivity for unmanaged devices. This ensures that nursery staff can access necessary SaaS applications safely without complex login hurdles or manual configuration, improving their agility and allowing them to focus on caring for children rather than troubleshooting technology.
As a charity, RAFA has a responsibility to ensure resources are used efficiently. A critical goal of this partnership is to improve productivity and allow the organisation to scale its services without increasing the IT burden.
By adopting Strata™ Cloud Manager with AIOps (artificial intelligence for IT operations), RAFA is shifting from reactive security operations to proactive, automated management. Machine learning helps identify configuration risks and performance issues before they affect users, while standardized policies enable the secure, consistent onboarding of new sites. This shift is projected to significantly reduce operational overhead, enabling RAFA to scale its support network cost-effectively. This shift is projected to reduce operational overhead by 40–50%.
This partnership is about more than deploying technology. It is about ensuring RAFA remains resilient, trusted and capable of supporting the RAF community for decades to come.
As Darren Bisbey, Head of Group Information Security for the RAF Association, puts it:
We live in an era where digital threats are accelerating in both scale and sophistication, creating unprecedented challenges for organisations. Our partnership with Palo Alto is a statement of intent, reflecting our unwavering commitment to building the most secure environments possible for our data.
At Palo Alto Networks, we are honored to support RAFA in this journey, providing the digital armour and operational advantage necessary to protect those who serve and have served.
As Alistair Wildman, Palo Alto Networks CEO for Northern Europe states:
For over 90 years, RAFA has been a lifeline for the RAF community; it is our privilege to ensure that legacy endures in a digital-first world. By embracing a unified, AI-driven platform, RAFA is moving beyond complex, fragmented security to a posture that is Secure by Design. This partnership allows them to navigate today’s threat landscape with confidence, ensuring their resources remain focused where they belong: on the families who need them.
The post Empowering the RAF Association with Next-Generation Cyber Resilience appeared first on Palo Alto Networks Blog.
Japan and Britain agree to accelerate cooperation on cybersecurity and the supply of critical minerals, as China’s influence grows in the region.
The post Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows appeared first on SecurityWeek.
In our latest webinar, Flashpoint unpacks the architecture of the Chinese threat actor cyber ecosystem—a parallel offensive stack fueled by government mandates and commercialized hacker-for-hire industry.
Table Of ContentsFor years, the global cybersecurity community has operated under the assumption that technical information was a matter of public record. Security research has always been openly discussed and shared through a culture of global transparency. Today, that reality has fundamentally shifted. Flashpoint is witnessing a growing opacity—a “Walled Garden”—around Chinese data. As a result, the competence of Chinese threat actors and APTs has reached an industrialized scale.
In Flashpoint’s recent on-demand webinar, “Mapping the Adversary: Inside the Chinese Pentesting Ecosystem,” our analysts explain how China’s state policies surrounding zero-day vulnerability research have effectively shut out the cyber communities that once provided a window into Chinese tradecraft. However, they haven’t disappeared. Rather, they have been absorbed by the state to develop a mature, self-sustaining offensive stack capable of targeting global infrastructure.
The “Walled Garden” is a direct result of a Chinese regulatory turning point in 2021: the Regulations on the Management of Security Vulnerabilities (RMSV). While the gradual walling off of China’s data is the cumulative result of years of implementing regulatory and policy strategies, the 2021 RMSV marks a critical turning point that effectively nationalized China’s vulnerability research capabilities. Under the RMSV, any individual or organization in China that discovers a new flaw must report it to the Ministry of Industry and Information Technology (MIIT) within 48 hours. Crucially, researchers are prohibited from sharing technical details with third parties—especially foreign entities—or selling them before a patch is issued.
It is important to note that this mandate is not limited to Chinese-based software or hardware; it applies to any vulnerability discovered, as long as the discoverer is a Chinese-based organization or national. This effectively treats software vulnerabilities as a national strategic resource for China. By centralizing this data, the Chinese government ensures it has an early window into zero-day exploits before the global defensive community.
For defenders, this means that by the time a vulnerability is public, there is a high probability it has already been analyzed and potentially weaponized within China’s state-aligned apparatus.
Flashpoint analysts have observed that within this Walled Garden, traditional Western reconnaissance tools are losing their effectiveness. Chinese threat actors are utilizing an indigenous suite of cyberspace search engines that create a dangerous information asymmetry, allowing them to peer at defender infrastructure while shielding their own domestic base from Western scrutiny.
While Shodan remains the go-to resource for security teams, Flashpoint has seen Chinese threat actors favor three IoT search engines that offer them a massive home-field advantage:
In the full session, we demonstrate exactly how Chinese operators use these tools to fuse reconnaissance and exploitation into a single, automated step—a capability most Western EDRs aren’t yet tuned to detect.
Leveraging their knowledge of vulnerabilities and zero-day exploits, the illicit Chinese ecosystem is building tools designed to dismantle the specific technologies that power global corporate data centers and business hubs.
In the webinar, our analysts explain purpose-built cyber weapons designed to hunt VMware vCenter servers that support one-click shell uploads via vulnerabilities like Log4Shell. Beyond the initial exploit, Flashpoint highlights the rising use of Behinder (Ice Scorpion)—a sophisticated web shell management tool. Behinder has become a staple for Chinese operators because it encrypts command-and-control (C2) traffic, allowing attackers to evade conventional inspection and deep packet analytics.
By understanding this “Walled Garden” architecture, defenders can move beyond generic signatures and begin to hunt for the specific TTPs—such as high-entropy C2 traffic and proprietary Chinese scanning patterns—that define the modern Chinese threat actor.
How can Flashpoint help? Flashpoint’s cyber threat intelligence platform cuts through the generic feed overload and delivers unrivaled primary-source data, AI-powered analysis, and expert human context.
Watch the on-demand webinar to learn more, or request a demo today.
The post How China’s “Walled Garden” is Redefining the Cyber Threat Landscape appeared first on Flashpoint.
Other noteworthy stories that might have slipped under the radar: Apple updates platform security guide, LastPass detects new phishing wave, CISA withdraws from RSA Conference.
The post In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak appeared first on SecurityWeek.
Two Biden-era memorandums have been revoked, but some of the resources they provide can still be used by government organizations.
The post White House Scraps ‘Burdensome’ Software Security Rules appeared first on SecurityWeek.
The early weeks of 2026 have already made one thing clear: Government cybersecurity is in a new phase, shaped not by incremental change, but by the rapid integration of AI into core public-sector missions. AI systems are now embedded in critical infrastructure, federal service delivery, research environments, as well as state and local operations. At the same time, nation-state adversaries are leveraging AI to accelerate intrusion, scale deception and manipulate trusted systems in ways not possible even a year ago.
As Senior Vice President of Public Sector at Palo Alto Networks, I see a decisive shift underway. Defending the public sector in 2026 means navigating a world where security depends on verifying identity, securing data and governing AI-driven systems that act without human intervention. Success now hinges on architectures that assume automation, operations that prioritize coordination, and governance frameworks capable of managing AI at mission scale.
Here are the developments that will define the year ahead.
1. AI-Native Security Must Become Integral to Federal Operations
AI in federal environments is no longer an experiment. Agencies are now designing workflows, SOC missions and cloud architectures around AI-driven detection and response. The emphasis is shifting from supplementing human analysts to building systems that maintain visibility, correlate threats, and respond autonomously when human capacity is limited. This builds on what we forecasted last year, when federal cybersecurity teams began using AI to replace manual workflows and drive down detection and response times.
The shift will be practical. Federal teams must plan to deploy AI systems that correlate logs, identify behavioral anomalies, prioritize threats, and suppress noise before analysts ever see an alert. Manual, ticket-based workflows will no longer meet federal timelines for investigation or reporting, particularly as adversaries automate more phases of attack.
2. Identity Emerges as the Central Federal Security Challenge
The biggest shift in 2026 will be the collapse between “identity” and “attack surface.” Deepfake technologies now operate in real time. AI-generated voices and video can impersonate senior leaders at a level undetectable by traditional controls. Machine identities continue to proliferate; they will outnumber human identities this year. And autonomous agents can initiate high-impact actions without human oversight. This reflects a broader crisis of authenticity now reshaping how enterprises defend identity itself.
Identity abuse will no longer be limited to credential theft. This turns identity into a systemic risk. One compromised identity (human, machine or agent) can cascade through automated systems with little friction. Federal programs will need to prioritize continuous identity verification, stronger proofing and governance frameworks that validate the legitimacy of both human and AI-driven activity.
3. AI Systems Must Be Secure-by-Design
Stemming from the clear mandate in the AI Action Plan (and subsequent work by NIST to develop an AI/Cyber Profile on top of the existing Cybersecurity Framework) agencies will steadily integrate AI security into their deployment of AI technologies.
This imperative is critical as AI systems are susceptible to novel threats. Data poisoning of training sets, manipulated inputs and hidden instructions in untrusted datasets compromise the intelligence that agencies rely on for analysis, planning and mission support. To support the security of this AI-first moment, Palo Alto Networks was proud to make its AI security platform, Prisma® AIRS™, available through the GSA OneGov initiative.
4. Nation-State Operations Expand Through AI Automation
Adversaries will use AI to compress the time between reconnaissance, exploitation and lateral movement. We expect rapidly increasing the use of AI to chain vulnerabilities, tailor social engineering campaigns, and generated malware variants that adapt in real time.
The focus will broaden beyond IT networks. AI will be used to disrupt OT systems and target sensitive research environments. Foreign intelligence services will weaponize AI to blur the line between intrusion and information operations, producing hybrid campaigns that attack both systems and the legitimacy of institutions.
5. Autonomous SOC Capabilities Become Essential
Federal SOCs will evolve from human-centered command centers to hybrid operations where autonomous agents run major components of the detection and response mission. These agents will triage alerts, enforce containment, and initiate predefined responses.
This evolution comes with risk. AI agents with broad authority can be misused or manipulated if not properly governed. Agencies will need safeguards to track agent behavior, enforce least privilege on agents, and prevent misuse through runtime monitoring and “AI firewall” controls designed to stop malicious prompts and unauthorized actions. The same pressures are shaping enterprise security, where controls like AI firewalls and circuit breaker mechanisms are becoming standard practice. Automation will only strengthen federal security if paired with rigorous oversight and continuous validation of agent activity.
6. Shared and Federated SOC Structures Gain Momentum
As threats scale, agencies will increasingly operate through shared or federated security structures. Instead of isolated SOCs, agencies will adopt analytics layers capable of correlating activity across departments and exchanging findings in real time.
This shift will reduce redundancy and provide faster insight into nation-state campaigns that cross federal boundaries. Early adopters will establish shared analytic and response frameworks that allow agencies to coordinate without sacrificing mission-specific control. Civilian agencies will lead early adoption with broader participation across defense and national security stakeholders expected later in the year.
7. The Post-Quantum Deadline Becomes Immediate
In 2026, post-quantum cryptography planning will move to implementation. Accelerated advances in quantum computing and AI-based cryptanalysis will push agencies to transition from pilot efforts to mandated modernization.
Agencies will focus on discovering where vulnerable algorithms are used, replacing outdated libraries, and implementing crypto-agility so systems can evolve without major redesigns. Systems with unpatchable cryptographic components will be flagged for full replacement, forcing agencies to reconcile years of accumulated “crypto debt.”
8. Data Trust and Cloud Workload Protection Become Priority Missions
The rise of AI workloads will force agencies to rethink how they protect data. Infrastructure controls alone cannot detect when training data has been manipulated or when model outputs no longer reflect real-world conditions.
Agencies will unify developer and security workflows and use tools like Data Security Posture Management and AI security posture management (AI-SPM) to track data lineage and enforce protections at runtime. Enterprises are addressing the same issue by bringing development and security teams together under shared data governance models. Ensuring model trustworthiness will become a mission-support requirement, not just a security objective.
9. Platform Consolidation Becomes Necessary
Fragmented tools cannot support the visibility and oversight required for AI governance. Executives will push for platform consolidation to unify network, identity, cloud, endpoint and AI security. Integrated platforms will gain favor because they enable consistent policy enforcement and a single operational picture across increasingly automated environments.
1. AI Adoption Splits SLED into Distinct Tiers
In 2026, disparities in funding and technical capacity will widen. Some states will deploy AI across security operations, citizen services and identity verification. Others will struggle to maintain legacy systems.
Well-resourced jurisdictions will reduce response times and improve resilience. Underfunded ones will remain exposed to ransomware and disruption. Without targeted modernization efforts, a national divide in SLED cybersecurity maturity will deepen.
2. Regional Models Become the Practical Path Forward
Silos are no longer sustainable. SLED organizations will rely on shared SOCs, regional threat intelligence hubs and coordinated incident response agreements. States will formalize partnerships to share expertise, reduce costs and defend interconnected systems. This evolution represents the maturation of the “team sport” mentality we predicted in 2025. These models reflect operational reality: Compromised data or infrastructure in one jurisdiction often creates immediate risk for its neighbors.
3. Higher Education Redesigns Its Security Baseline
Universities will classify cybersecurity alongside energy, research infrastructure and physical security as essential institutional functions. Secure browser adoption, stronger vendor oversight and centralized identity governance will become the norm.
AI research environments will receive increased scrutiny, and universities participating in federally funded research will face stricter compliance requirements to prevent data poisoning and model manipulation. Institutions with large research portfolios will prioritize securing lab environments where AI models are trained and evaluated.
4. K–12 Systems Enter a New Phase of Security Oversight
States will introduce new security mandates for K–12 environments, covering MFA, network segmentation, secure browsers, identity verification and foundational zero trust principles. AI-enabled ransomware will remain a threat. Smaller districts will adopt managed services or regional support structures as they confront growing operational and compliance demands. Districts that modernize identity controls and browser security will significantly reduce their exposure compared to those reliant on legacy tools. Building on the regulatory momentum we predicted in 2025, K–12 institutions will continue moving from defensive posture to proactive security adoption.
5. Local Governments Face Escalating AI-Driven Ransomware
Municipal governments remain high-value targets due to limited staffing and aging infrastructure. AI gives threat actors the ability to automate reconnaissance, craft targeted phishing messages, and identify vulnerabilities with little effort.
Attacks timed to public safety incidents or weather emergencies will increase, meaning local governments will need stronger identity controls, automated endpoint protection and access to managed detection and response. Operational continuity will depend on reducing time-to-detect and time-to-contain, capabilities that smaller municipalities cannot achieve without external support.
6. Managed Services and Platform Consolidation Become Standard
As technical demands grow, SLED organizations will move toward managed SOC models and consolidated vendor ecosystems. Platforms that integrate data protection, threat detection, identity governance and AI oversight will gain traction. Point tools without interoperability will decline. Budget-constrained environments will favor comprehensive platforms that reduce operational burden and simplify compliance.
7. Identity and Data Trust Become Central SLED Priorities
SLED organizations manage sensitive student records, election data and social services information. These environments are increasingly strained by the rapid growth of machine identities and AI-driven applications.
Synthetic identities and AI-generated credentials will be used to infiltrate systems with limited oversight. Continuous identity verification, data lineage tracking and posture management will become essential to prevent fraud, service disruption and data manipulation. Identity assurance and data integrity will become the foundation of public trust at the state and local level.
The post 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust appeared first on Palo Alto Networks Blog.
Under the new rules, measures for 5G cybersecurity would become mandatory.
The post EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China appeared first on SecurityWeek.
The mission to modernize government IT is accelerating at lightning speed, largely thanks to the transformative power of artificial intelligence (AI). Federal agencies are strategically leveraging AI to boost efficiency, enhance citizen services, and strengthen national security – a vision fully supported by the administration’s AI Action Plan.
At Palo Alto Networks, we are all-in on helping agencies deploy AI bravely and securely. Because the challenge isn't just about using AI for cyberdefense, but also about defending AI itself. We appreciate the U.S. General Services Administration (GSA) recognizing the critical need for scalable, efficient solutions.
That is precisely why the GSA OneGov Initiative is a massive, game-changing step forward. We are proud to be the first pure-play cybersecurity vendor to secure a OneGov agreement with the GSA. This strategic alliance simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring security is foundational to this crucial modernization mission.
If you needed a clear sign that AI has fundamentally shifted the cybersecurity landscape, our own Unit 42 research provides it. The new reality isn't just about hackers using AI in their attacks; it’s also about how internal AI provides another attack surface for threat actors.
The most insidious new threat we've observed is AI Agent Smuggling, where malicious attackers use AI agents to exploit other agents. Our Unit 42 research highlights two major vectors:
This confirms our core belief as stated in a recent secure AI by Design blog: The AI ecosystem (the models, data and infrastructure) is now a complex, expanding attack surface that traditional perimeter defenses were simply not designed to protect.
As I’ve said before, “If you’re deploying AI, you must deploy AI security.”
The GSA’s OneGov Initiative aims to streamline procurement and drive down costs by leveraging the purchasing power of the entire federal government. This is more than an agreement; it’s a direct response to the call for a "secure-by-design" approach to federal AI adoption. This agreement simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring that security is foundational, not an afterthought. It provides industry leading AI security tools into the hands of our cyber defenders today.
To counter the autonomous threats we’re seeing, we provide a platform that protects the entire AI lifecycle, from the developer's keyboard to the data center.
Securing the AI supply chain requires visibility across every stage, especially during runtime when models are processing sensitive data.
delivers comprehensive security for the entire AI lifecycle, in one unified platform. It allows organizations to deploy traditional apps as well as AI applications, models and agents with confidence by reducing risk from misuse, data loss and sophisticated AI-driven threats. Prisma AIRS provides a clear, connected view of assets in multicloud environments, so teams can eliminate silos, accelerate responses, as well as scale cloud and AI apps securely. solution to secure the entire application lifecycle from development to runtime. Our industry-leading CNAPP eliminates silos to deliver comprehensive visibility and best-in-class protection across multicloud environments.Even the most advanced AI defenses are undermined if users accessing applications and data are left vulnerable outside corporate security boundaries. The explosive growth of generative AI tools and the unseen behavior of AI agents are amplifying data exposure risks.
(FedRAMP-Moderate Authorized) integrate security capabilities, like zero trust network access (ZTNA), secure web gateway (SWG) and cloud access security broker (CASB), to provide a unified policy framework and a consistent user experience.The GSA OneGov agreement is a pivotal moment that provides federal agencies with the cost-effective, streamlined access they need to deploy AI with confidence. By leveraging our unified, AI-powered platform, government organizations can stop reacting to threats and start building secure-by-design AI environments. We are committed to remaining a key partner in this strategic initiative and helping the government achieve its mission outcomes safely.
For more information and access to promotional offers for new contracts signed on or before January 31, 2028, federal agencies can visit the GSA OneGov website.
The post Securing the AI Frontier appeared first on Palo Alto Networks Blog.
US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars.
The post New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout appeared first on SecurityWeek.
Login
