Driven by advancements in cryptographic research and the need for stronger security measures, the National Security Agency (NSA) introduced the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) to establish a set of quantum-resistant cryptographic standards. The NSA is now urging data center and computing markets to become post-quantum ready within the next two years. To help system architects meet evolving security demands, Microchip Technology has developed its MEC175xB embedded controllers with embedded immutable post-quantum cryptography support.

As a standalone controller, the MEC175xB family employs a modular approach for developers to efficiently adopt post-quantum cryptography, helping ensure long-term data protection without compromising existing functionality. These low-power controllers are designed with National Institute of Standards and Technology (NIST) approved post-quantum cryptographic algorithms, configurable secure boot solutions and an advanced Enhanced Serial Peripheral Interface (eSPI).

iStorage, the global leader in hardware encrypted data storage and cloud encryption solutions, has once again raised the bar in data security with the launch of the world's first 26 TB PIN authenticated, hardware encrypted desktop drive. The groundbreaking diskAshur DT3 and diskAshur DT2, already trusted by governments, defense organizations, financial institutions, healthcare providers and media agencies around the world, are now available in an industry-leading 26 TB capacity. These high-capacity drives continue to set the benchmark for robust, portable and user-friendly data protection.

Raising the Bar in Government-Grade Security
The diskAshur DT3 is among the first encrypted HDDs pending certification under the new FIPS 140-3 Level 3 standard, the latest U.S. government benchmark for cryptographic security. It features TAA compliance, FIPS PUB 197-validated AES-XTS 256-bit hardware encryption, and a Common Criteria EAL5+ certified secure microprocessor, ensuring maximum defense against unauthorized access.

Agentic AI is redefining the cybersecurity landscape—introducing new opportunities that demand rethinking how to secure AI while offering the keys to addressing those challenges. Unlike standard AI systems, AI agents can take autonomous actions—interacting with tools, environments, other agents and sensitive data. This provides new opportunities for defenders but also introduces new classes of risks. Enterprises must now take a dual approach: defend both with and against agentic AI.

Building Cybersecurity Defense With Agentic AI
Cybersecurity teams are increasingly overwhelmed by talent shortages and growing alert volume. Agentic AI offers new ways to bolster threat detection, response and AI security—and requires a fundamental pivot in the foundations of the cybersecurity ecosystem. Agentic AI systems can perceive, reason and act autonomously to solve complex problems. They can also serve as intelligent collaborators for cyber experts to safeguard digital assets, mitigate risks in enterprise environments and boost efficiency in security operations centers. This frees up cybersecurity teams to focus on high-impact decisions, helping them scale their expertise while potentially reducing workforce burnout. For example, AI agents can cut the time needed to respond to software security vulnerabilities by investigating the risk of a new common vulnerability or exposure in just seconds. They can search external resources, evaluate environments and summarize and prioritize findings so human analysts can take swift, informed action.

As enterprises increasingly adopt AI, securing AI factories—where complex, agentic workflows are executed—has never been more critical. NVIDIA is bringing runtime cybersecurity to every AI factory with a new NVIDIA DOCA software framework, part of the NVIDIA cybersecurity AI platform. Running on the NVIDIA BlueField networking platform, NVIDIA DOCA Argus operates on every node to immediately detect and respond to attacks on AI workloads, integrating seamlessly with enterprise security systems to deliver instant threat insights. The DOCA Argus framework provides runtime threat detection by using advanced memory forensics to monitor threats in real time, delivering detection speeds up to 1,000x faster than existing agentless solutions—without impacting system performance.

Unlike conventional tools, Argus runs independently of the host, requiring no agents, integration or reliance on host-based resources. This agentless, zero-overhead design enhances system efficiency and ensures resilient security in any AI compute environment, including containerized and multi-tenant infrastructures. By operating outside the host, Argus remains invisible to attackers—even in the event of a system compromise. Cybersecurity professionals can seamlessly integrate the framework with their SIEM, SOAR and XDR security platforms, enabling continuous monitoring and automated threat mitigation and extending their existing cybersecurity capabilities for AI infrastructure.

TP-Link Systems Inc., a global leader in networking and smart home solutions, today announced its official authorization by the Common Vulnerability and Exposures Program (CVE) as a CVE Numbering Authority (CNA). This designation empowers TP-Link to assign CVE IDs to certain vulnerabilities potentially related to its products, furthering its commitment to proactive cybersecurity measures.

The CVE Program is an international, community-driven initiative that identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. CNAs are organizations that are responsible for assigning CVE IDs and publishing detailed information about vulnerabilities, contributing to a more secure digital ecosystem. TP-Link's new role as a CNA enhances its ability to respond swiftly to security threats and ensures greater transparency in vulnerability reporting.

Traditional cybersecurity measures are proving insufficient for addressing emerging cyber threats such as malware, ransomware, phishing and data access attacks. Moreover, future quantum computers pose a security risk to today's data through "harvest now, decrypt later" attack strategies. Cybersecurity technology powered by NVIDIA accelerated computing and high-speed networking is transforming the way organizations protect their data, systems and operations. These advanced technologies not only enhance security but also drive operational efficiency, scalability and business growth.

Accelerated AI-Powered Cybersecurity
Modern cybersecurity relies heavily on AI for predictive analytics and automated threat mitigation. NVIDIA GPUs are essential for training and deploying AI models due to their exceptional computational power.

The rapid evolution of generative AI has created countless opportunities for innovation across industry and research. As is often the case with state-of-the-art technology, this evolution has also shifted the landscape of cybersecurity threats, creating new security requirements. Critical infrastructure cybersecurity is advancing to thwart the next wave of emerging threats in the AI era. Leading operational technology (OT) providers today showcased at the S4 conference for industrial control systems (ICS) and OT cybersecurity how they're adopting the NVIDIA cybersecurity AI platform to deliver real-time threat detection and critical infrastructure protection.

Armis, Check Point, CrowdStrike, Deloitte and World Wide Technology (WWT) are integrating the platform to help customers bolster critical infrastructure, such as energy, utilities and manufacturing facilities, against cyber threats. Critical infrastructure operates in highly complex environments, where the convergence of IT and OT, often accelerated by digital transformation, creates a perfect storm of vulnerabilities. Traditional cybersecurity measures are no longer sufficient to address these emerging threats. By harnessing NVIDIA's cybersecurity AI platform, these partners can provide exceptional visibility into critical infrastructure environments, achieving robust and adaptive security while delivering operational continuity.

Broadcom Inc. today announced an industry-first—the new, innovative Emulex Secure Fiber Channel Host Bus Adapters (HBA)—a cost-effective, easy-to-manage solution that encrypts all data as it moves between servers and storage.

Encrypting mission-critical data is no longer a nice-to-have, but a must-have. The cost of ransomware attacks continues to rise with attacks in 2024 costing USD $5.37 million on average per attack. Upcoming generative AI and quantum computers magnify the risk if data is not encrypted at all points in the data center including the network.

Today, Lenovo announced the introduction of ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance is one of the only computer OEM solutions to enable deep visibility and protection below the operating system (OS) by embracing Zero Trust Architecture (ZTA) component-level visibility to generate more accurate and actionable risk management insights.

As a security paradigm, ZTA explicitly identifies users and devices to grant appropriate levels of access so a business can operate with less risk and minimal friction. ZTA is a critical framework to reduce risk as organizations endeavor to complete Zero-Trust implementations.

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unit Printing System) print scheduler, specifically cups-browsed, and has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

A faulty software update to enterprise computers by cybersecurity firm CrowdStrike has taken millions of computers offline, most of which are in a commercial or enterprise environment, or are Azure deployments. CrowdStrike provides periodic software and security updates to commercial PCs, enterprise PCs, and cloud instances, with a high degree of automation. The latest update reportedly breaks the Windows bootloader, causing bluescreens of death (BSODs), and if configured, invokes Windows Recovery. Enterprises tend to bulletproof the bootloaders of their client machines, and disable generic Windows Recovery tools from Microsoft, which means businesses around the world are left with large numbers of machines that will each take manual fixing. The so-called "Windows CrowdStrike BSOD deluge" has hit critical businesses such as banks, airlines, supermarket chains, and TV broadcasters. Meanwhile, sysadmins on Reddit are wishing each other a happy weekend.

AMD has reportedly suffered a cybersecurity breach, with an organization that goes by "IntelBroker" claiming to have stolen company data on future products, customer databases, and financial records, among others. In a statement to Reuters, AMD said that it is working closely with law enforcement agencies and a third-party hosting partner, to investigate the claim of a data breach by IntelBroker. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data," the company said. The AMD stock traded slightly down (by 2.38% as of this writing) on Tuesday.

HackRead goes into the details of the data IntelBroker claims to have stolen. There are broadly two categories of data in the breach—IP and product information; and business information. In terms of IP, IntelBroker claims to have done away with files related to device firmware, ROMs, source code, IP files, future AMD product plans, and technical specifications. The business information leaked includes employee databases, customer databases, financial information, user IDs (probably of employees), job designation, employment statuses, and business phone numbers.

AEWIN provides a series of performant Network Appliances and Edge Server powered by single AMD Zen 4c EPYC 8004 processor codenamed Siena. The latest AMD Siena CPU is produced with 5 nm manufacturing technology to have up to 64 cores (extreme density of 2CCX/CCD) and 225 W TDP with lower energy consumption compared to EPYC SP5. Siena SP6 CPU has the best performance per watt and is with the support of rich I/O and CXL 1.1.

SCB-1945 (1U) and SCB-1947A (2U) are two performant Network Appliances supporting 12x DDR5 sockets and 4x/8x PCIe Gen 5 slots for AEWIN self-design NICs with 1G to 100G copper/fiber interfaces (with/without bypass function) or other accelerators and NVMe SSDs. Both models provide the flexibility to change 2x front panel PCIe slots to 1x PCIe x16 slot for installing off-the-shelf add-on card for additional functions required. It can support 400G NIC card installed such as NVIDIA Mellanox PCIe 5.0 NIC.

Nations have long invested in domestic infrastructure to advance their economies, control their own data and take advantage of technology opportunities in areas such as transportation, communications, commerce, entertainment and healthcare. AI, the most important technology of our time, is turbocharging innovation across every facet of society. It's expected to generate trillions of dollars in economic dividends and productivity gains. Countries are investing in sovereign AI to develop and harness such benefits on their own. Sovereign AI refers to a nation's capabilities to produce artificial intelligence using its own infrastructure, data, workforce and business networks.

Why Sovereign AI Is Important
The global imperative for nations to invest in sovereign AI capabilities has grown since the rise of generative AI, which is reshaping markets, challenging governance models, inspiring new industries and transforming others—from gaming to biopharma. It's also rewriting the nature of work, as people in many fields start using AI-powered "copilots." Sovereign AI encompasses both physical and data infrastructures. The latter includes sovereign foundation models, such as large language models, developed by local teams and trained on local datasets to promote inclusiveness with specific dialects, cultures and practices. For example, speech AI models can help preserve, promote and revitalize indigenous languages. And LLMs aren't just for teaching AIs human languages, but for writing software code, protecting consumers from financial fraud, teaching robots physical skills and much more.

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

IBM has announced the official opening of the new IBM X-Force Cyber Range in Washington, DC. The range includes new custom training exercises specifically designed to help U.S. federal agencies, their suppliers and critical infrastructure organizations more effectively respond to persistent and disruptive cyberattacks, and threats posed by AI. The state-of-the-art facility is designed to help everyone from legal and mission-critical leaders, to the C-Suite and technical security leaders prepare for a real-world cyber incident. According to IBM's 2023 Cost of a Data Breach report the global average cost of a data breach reached $4.45 million, with the US facing the highest breach costs across all regions. Organizations that formed an incident response (IR) team and tested their IR plan experienced faster incident response times and lower costs than organizations that did neither. In fact, the report found that high levels of IR planning and testing saved industry and government nearly $1.5 million in breach costs and 54 days from the data breach lifecycle.

"From national security threats to supply chain disruptions impacting the goods and services we rely on every day, cyberattacks on government and critical infrastructure can have ramifications that go far beyond the balance sheet," said Alice Fakir, Partner, Lead of Cybersecurity Services, US Federal Market for IBM Consulting. "The elite and highly customizable cyber response training we provide at our new DC range helps organizations and federal agencies better defend against existing and emerging threats, and also addresses federal mandates like those in the Biden Administration's Executive Order 14028 focused on improving the nation's cybersecurity."

Every country needs to own the production of their own intelligence, NVIDIA founder and CEO Jensen Huang told attendees Monday at the World Governments Summit in Dubai. Huang, who spoke as part of a fireside chat with the UAE's Minister of AI, His Excellency Omar Al Olama, described sovereign AI—which emphasizes a country's ownership over its data and the intelligence it produces—as an enormous opportunity for the world's leaders. "It codifies your culture, your society's intelligence, your common sense, your history - you own your own data," Huang told Al Olama during their conversation, a highlight of an event attended by more than 4,000 delegates from 150 countries.

"We completely subscribe to that vision," Al Olama said. "That's why the UAE is moving aggressively on creating large language models and mobilizing compute." Huang's appearance in the UAE comes as the Gulf State is moving rapidly to transform itself from an energy powerhouse into a global information technology hub. Dubai is the latest stop for Huang in a global tour that has included meetings with leaders in Canada, France, India, Japan, Malaysia, Singapore and Vietnam over the past six months. The Middle East is poised to reap significant benefits from AI, with PwC projecting a $320 billion boost to the region's economy by 2030.

IBM has announced IBM LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments. The pre-configured rack mount system is designed to offer cost savings and to remove client guess work when spinning up workloads quickly and getting started with the platform to address new and traditional use cases such as digital assets, medical imaging with AI, and workload consolidation.

Building an integrated hybrid cloud strategy for today and years to come
As businesses move their products and services online quickly, oftentimes, they are left with a hybrid cloud environment created by default, with siloed stacks that are not conducive to alignment across businesses or the introduction of AI. In a recent IBM IBV survey, 84% of executives asked acknowledged their enterprise struggles in eliminating silo-to-silo handoffs. And 78% of responding executives said that an inadequate operating model impedes successful adoption of their multicloud platform. With the pressure to accelerate and scale the impact of data and AI across the enterprise - and improve business outcomes - another approach that organizations can take is to more carefully identify which workloads should be on-premises vs in the cloud.

In collaboration with Microsoft, Durabook today announced the availability of Windows 11 Secured-core PCs for its mobile rugged computing portfolio. The Durabook S15 Rugged Laptop and U11 Rugged Tablet with advanced Windows 11 security are immediately available to protect sensitive data for professionals on the move.

Mobile, Rugged, Secure for a Perilous World
Executives, military officers, and other professionals who work in potentially hazardous environments are often responsible for highly sensitive data such as financial information, classified intelligence, and intellectual property. They are also often on the road where their computing devices are exposed to abundant cybersecurity threats, including malware and firmware attacks. These attacks are in addition to the physical perils such as being dropped, exposed to dust and potentially combustible fine particulate in the air, extreme temperatures, high humidity and water intrusion.

IQM Quantum Computers (IQM), a global leader in building quantum computers, today announced a collaboration with NVIDIA to advance future hybrid quantum applications through NVIDIA CUDA Quantum, an open-source platform for integrating and programming quantum processing units in one system. As part of this collaboration, users of IQM's quantum processing units across enterprises and research institutions can program and develop the next generation of hybrid quantum-classical applications with NVIDIA CUDA Quantum.

The collaboration aims to accelerate the development and utilization of quantum computing in various applications, fostering innovation, collaboration, and potential breakthroughs in science and industry. Leading institutions, such as CSC - IT Centre for Science and the VTT Technical Research Centre of Finland, plan to utilise CUDA Quantum on VTT's 5-qubit quantum computer developed in co-innovation partnership by IQM and VTT.

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

Fault-tolerant quantum computers that offer radical new solutions to some of the world's most pressing problems in medicine, finance and the environment, as well as facilitating a truly widespread use of AI, are driving global interest in quantum technologies. Yet the various timetables that have been established for achieving this paradigm require major breakthroughs and innovations to remain achievable, and none is more pressing than the move from merely physical qubits to those that are fault-tolerant.

In one of the first meaningful steps along this path, scientists from Quantinuum, the world's largest integrated quantum computing company, along with collaborators, have demonstrated the first fault-tolerant method using three logically-encoded qubits on the Quantinuum H1 quantum computer, Powered by Honeywell, to perform a mathematical procedure.

Earlier today Logitech International was invited and honored to participate in the US National Label for Consumer IoT Security launch at the White House in Washington DC. The event, sponsored by the National Security Council, was led by chairwoman of the FCC, Jessica Rosenworcel, and included members of both organizations, as well as other leading tech companies focused on and making strides in product security for consumers.

Logitech is an active contributor in industry efforts to integrate security into the core standards that its products use. Through its participation in the Product Security Working Group (PSWG) and Matter Working Group within the Connectivity Standards Alliance (CSA), the company continues to work with others in the industry to write and certify the standards by which next generation products will operate.

Today, U.S. Deputy National Security Advisor Anne Neuberger, Chairwoman of the Federal Communications Commission (FCC) Jessica Rosenworcel, and Laurie Locascio, Director of the National Institute of Standards and Technology (NIST) unveiled the U.S. national IoT security label at the White House.

Infineon Technologies AG supports this action to address the growing need for IoT security. The new label supports the IoT security requirements under NISTIR 8425, which resulted from an Executive Order to improve the nation's cybersecurity. This label will recognize products that meet these requirements by permitting them to display a U.S. government label and be listed in a registry indicating that these products meet U.S. cybersecurity standards.

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binary has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.