Cybersecurity

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced deadlines for creating and submitting e1 and i1 assessments using CSF v11.6.0. The ability to create new assessments using v11.6.0 will be disabled on March 31, 2026, and submission will be disabled on June 30, 2026.

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

NCSC Warns of Hacktivist DoS Attacks on UK Organisations

The UK's National Cyber Security Centre (NCSC) has issued a warning regarding persistent denial of service (DoS) attacks by Russian-aligned hacktivist groups targeting UK organisations, particularly local government and critical infrastructure operators. The NCSC urges organisations to review their cyber defences and resilience measures.

CYBERUK 2026 Conference Announcement

The UK's National Cyber Security Centre (NCSC) has announced details for the flagship CYBERUK 2026 conference in Glasgow, scheduled for April 21-23. The event will focus on accelerating cyber defences and will feature international security chiefs and industry leaders. Registration for private sector delegates remains open until April 2, 2026.

NCSC Advises UK Organizations on Middle East Conflict Cyber Threats

The UK's National Cyber Security Centre (NCSC) has issued an alert advising UK organizations to review their cybersecurity posture due to the evolving conflict in the Middle East. The advisory highlights a heightened risk of indirect cyber threats and encourages organizations to implement enhanced monitoring and review their external attack surface.

NCSC Alert: Cisco SD-WAN Exploited Globally

The UK's NCSC, along with international partners, has issued an alert regarding the exploitation of Cisco Catalyst SD-WAN devices. Threat actors are gaining root and persistent access, and organizations are urged to investigate potential compromises and apply security updates.

NCSC: Pro-Russia Hacktivists Target UK Organisations with DDoS Attacks

The UK's National Cyber Security Centre (NCSC) has issued guidance warning that pro-Russia hacktivist groups, particularly NoName057(16), continue to target UK organisations with DDoS attacks. The NCSC urges local government and critical infrastructure operators to review and harden their denial-of-service defences.

CISA Advisory: Trane Tracer SC/SC+/Concierge Vulnerabilities

CISA issued an advisory regarding multiple vulnerabilities (CVE-2026-28252, CVE-2026-28253, CVE-2026-28254) affecting Trane Tracer SC, Tracer SC+, and Tracer Concierge systems. Exploitation could lead to sensitive information disclosure, arbitrary command execution, or denial-of-service.

Siemens SIDIS Prime Vulnerabilities Advisory

CISA has issued an advisory regarding multiple vulnerabilities in Siemens SIDIS Prime versions prior to V4.0.800, affecting components like OpenSSL, SQLite, and Node.js packages. Siemens recommends updating to the latest version to address these high-severity issues.