Cisco Zero-Day Under Active Attack, US Issues AI Security Order, and New "HTTP/2 Bomb" Threatens Web Servers

Further details on the 'Promoting Advanced Artificial Intelligence Innovation and Security' executive order reveal an NSA-led consortium will develop a classified benchmarking process within 60 days to define 'covered frontier models.' Additionally, the Attorney General is directed to prioritize enforcement of federal laws against the malicious use of AI for cybercrime. CISA is also tasked with issuing binding operational directives to federal agencies to implement the EO's security goals, providing more clarity on the order's operational rollout and enforcement mechanisms.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has now partnered with the FBI, NSA, and Department of Energy to issue an urgent warning regarding ongoing cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems. The updated advisory provides more specific details on potential impacts, including fuel supply chain disruptions, economic damage, and explicit safety hazards like fires or explosions from manipulated readings. New mitigation recommendations include network segmentation and regular firmware updates, alongside previous advice on removing systems from public internet exposure and strengthening credentials. Attackers are using internet scanning (T1595) and exploiting public-facing applications (T1190) to manipulate control systems (T0829, T0814).

The EU is advancing a new cybersecurity package that includes an update to the EU Cybersecurity Act (CSA2), targeted amendments to the NIS2 Directive, and a new Digital Networks Act. The amendments to NIS2 aim to simplify certification provisions and better align it with the updated CSA2. This package seeks to bolster digital defenses, secure ICT supply chains, and strengthen the role of ENISA, while also accelerating the deployment of secure, high-speed network infrastructure across the EU. The proposal is currently under review by the TTE Council, with further legislative steps expected.

The cybersecurity market is seeing a wave of new product launches leveraging AI and automation to counter agentic attacks. Noma introduced Agent Access Control for governing AI agents, Asimily launched Segmentation Orchestration for automated network policy, Diligent unveiled an AI-powered Cyber Risk Management platform, and MazeBolt released RADAR VectorAI for simulating advanced DDoS attacks. These innovations directly address the need for faster, more automated defense mechanisms against the rapid pace of AI-driven threats, shifting security operations towards proactive and predictive models. This market response indicates a significant step towards closing the speed mismatch identified previously.

The Qilin ransomware group has continued its activity, claiming new victims in diverse sectors. Recent attacks include Austrian private aviation company Avcon Jet, Canadian oilfield services firm Trican Well Service, and Slovenian food manufacturer Don Don. This indicates a broadening of Qilin's targeting beyond the previously reported heavy focus on healthcare, demonstrating its opportunistic nature and wider impact across various industries.