
42 matches found

Hive Pro Threat Advisories
added 2026/05/25 10:25 a.m., 7 views

NIST Cybersecurity Framework and CTEM Alignment

The NIST Cybersecurity Framework gives security leaders a common language for managing cyber risk, but it does not tell teams which exposed asset to fix first on Monday morning. Continuous Threat Exposure Management fills that execution gap. When the NIST cybersecurity framework and CTEM are...

AI score: 5.9
Exploits: 0
Hive Pro Threat Advisories
added 2026/05/15 6:26 a.m., 9 views

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK. Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/05/10 12:0 a.m., 2 views

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework (CSF) provide widely adopted measures of organizational maturity, but do...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/04/29 12:0 a.m., 1 views

Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...

AI score: 5.8
Exploits: 0
Snyk
added 2026/01/30 8:38 p.m., 2 views

Arbitrary Command Injection

Overview: cai-framework is a Cybersecurity AI Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the findfile function, which calls subprocess.Popen with shell=True. An attacker can execute arbitrary commands on the host system by injecting malicious...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00053
Exploits: 3, References: 2
The Hacker News
added 2025/11/06 11:59 a.m., 2 views

From Tabletop to Turnkey: Building Cyber Resilience in Financial Services

Introduction: Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice to an operational necessity to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have...

AI score: 5.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-15385

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00204
Exploits: 1, References: 7
Schneier on Security
added 2025/09/12 9:4 p.m., 2 views

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/08/29 12:0 a.m., 2 views

Cybersecurity AI: Hacking the AI Hackers Via Prompt Injection

We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting (XSS): malicious text is hidden within seemingly trusted content, and when the system processes it, that text is transformed...

AI score: 6.4
Exploits: 0
HackRead
added 2025/08/15 9:36 a.m., 3 views

New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework

NIST has released a concept paper for new control overlays to secure AI systems, built on the SP…...

AI score: 7.3
Exploits: 0
Packet Storm News
added 2025/08/14 12:0 a.m., 0 views

Advancing Autonomous Incident Response: Leveraging LLMs and Cyber Threat Intelligence

Effective incident response (IR) is critical for mitigating cyber threats, yet security teams are overwhelmed by alert fatigue, high false-positive rates, and the vast volume of unstructured Cyber Threat Intelligence (CTI) documents. While CTI holds immense potential for enriching security operations...

AI score: 6.8
Exploits: 0
The Hacker News
added 2025/07/01 11:0 a.m., 7 views

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

AI score: 7.1
Exploits: 0
Qualys Blog
added 2025/05/05 9:55 p.m., 16 views

Bridging the Gap: How Qualys Simplifies NCA ECC 2024 Compliance for Businesses

As the digital environment advances, new and more sophisticated cyber threats emerge, necessitating stronger and more adaptive cybersecurity measures. Recognizing this need, the National Cybersecurity Authority (NCA) of Saudi Arabia has introduced the Essential Cybersecurity Controls ECC 2024...

AI score: 7.6
Exploits: 0
The Hacker News
added 2024/09/05 9:19 a.m., 18 views

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2024/03/11 1:28 p.m., 17 views

Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

On February 26, 2024, NIST released version 2.0 of the Cybersecurity Framework. This blog reviews the fundamental changes introduced in CSF 2.0 and data-centric security considerations that should be made when aligning with the new framework. As cybercriminals become more sophisticated, efficient...

AI score: 7.2
Exploits: 0
Qualys Blog
added 2024/03/05 7:29 p.m., 21 views

Achieving NIST CSF 2.0 Top Tier Adaptable Status

An Overview of NIST CSF 2.0: The National Institute of Standards and Technology (NIST) recently updated its popular Cybersecurity Framework (CSF) to version 2.0 to help organizations reduce cybersecurity risks. Designed for virtually all industry sectors, from small to medium businesses (SMBs) to larger...

AI score: 7.4
Exploits: 0
The Hacker News
added 2024/02/20 10:53 a.m., 42 views

SaaS Compliance through the NIST Cybersecurity Framework

The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is t...

CVSS: 9.8, AI score: 9.7, EPSS: 0.06145
Exploits: 0
Wallarm Lab
added 2023/09/18 1:15 p.m., 18 views

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...

AI score: 6.8
Exploits: 0
The Hacker News
added 2023/03/13 12:23 p.m., 39 views

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance ...

AI score: 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/11/16 6:0 p.m., 20 views

Microsoft contributes S2C2F to OpenSSF to improve supply chain security

On August 4, 2022, Microsoft publicly shared a framework.pdf that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework. As a massive consumer of and...

Exploits: 0