Congress Advances Bill to Add AI to National Vulnerability Database
The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
Incident coverage examines breaches, outages, and response failures to explain how security events affect systems, data, and organizations.
Search across headline titles and summaries.
Background for this topic.
An incident is a suspected or confirmed event that threatens the confidentiality, integrity, or availability of information or systems, or violates a security policy. Examples include unauthorized access, malware execution, exposed credentials, data loss, and disruptive attacks. Not every alert is an incident: triage determines whether an event is credible, its scope, and the assets or data involved.
Incident handling requires timely detection, analysis, containment, eradication, and recovery. Practitioners must preserve relevant evidence, identify affected accounts and systems, assess whether data was accessed or altered, and prevent recurrence. Clear escalation and documentation support privacy or regulatory notifications when applicable. Findings should feed security improvements such as closing exploited vulnerabilities, strengthening access controls, and updating detection and response procedures.
The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
British Transport Police and Network Rail are investigating the incident, in which bad actors posted Islamophobic messages on the transport system's network.
See it, say it… not sorted just yet as network access remains offline A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.…
Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark WebGenetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.
A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident.
Arkansas City’s water treatment facility faced a cyber incident on Sunday and has since switched to manual operations