CISA Wants Cybersecurity Community to Alert It to Vulnerability Exploitations

CISA asks cybersecurity community to alert it to vulnerability exploitation

The Cybersecurity and Infrastructure Security Agency is now letting security experts nominate vulnerabilities to the agency’s Known Exploited Vulnerabilities catalog.

CISA on Thursday published a form that technology vendors, independent researchers and anyone else can use to warn CISA that hackers are exploiting a vulnerability and it should be added to the KEV.

“This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale.”

The form asks submitters to provide as much information as possible about a vulnerability, including its CVE number, evidence of exploitation and mitigation guidance. The form also asks whether the vulnerability affects multiple vendors or products.

Trump yanked AI order after David Sacks raised industry concerns

Thursday’s abrupt postponement of President Donald Trump’s much-awaited executive order on artificial intelligence came after former AI czar David Sacks voiced industry concerns about the measure to Trump, according to a senior White House official and two people familiar with the matter.

Sacks’ 11th hour intervention — and his arguments that the order could prove too onerous for the rapidly evolving AI industry — came even though he had been briefed about the directive in recent days, one of the people told POLITICO. The people were granted anonymity to discuss internal conversations.

The executive order, which the White House planned to release Thursday afternoon, would have set in motion a voluntary oversight system in which developers of advanced AI models could submit their products to a review by federal agencies before releasing them, POLITICO previously reported. It was meant to address concerns that advanced AI products from companies like Anthropic could unleash devastating cyberattacks and other havoc if they fell into the wrong hands.

US to invest $2 billion in IBM, other quantum computing firms

The Trump administration will take $2 billion in equity stakes across nine quantum-computing companies, including a new IBM, in a major push to secure U.S. ‌leadership in the emerging technology and counter China.

The move shows the growing prominence of quantum computing, where recent technological breakthroughs have deepened investor interest in its potential to speed up tasks ranging from drug discovery to financial modelling and cryptography.

The U.S. Department of Commerce said on Thursday that IBM would receive $1 billion to set up a company to manufacture quantum chips, while contract chipmaker GlobalFoundries (GFS.O), opens new tab will get $375 million to build a U.S. factory producing components for different types of quantum machines.

IBM said the new company, Anderon, will be based in New Albany, New York, and become America's first dedicated quantum chip manufacturing ⁠facility. It did not disclose the government's stake in the new company.

Cybersecurity Incident Disclosure: Form 8-K Tracker (Two-Year Update)

Key Takeaways. Two years after the May 21, 2024 statement by the Securities and Exchange Commission’s (“SEC”) Division of Corporation Finance clarifying the intended use of Item 1.05 of Form 8-K for cybersecurity incident disclosures, voluntary Item 8.01 cybersecurity filings (where materiality has not yet been determined) have significantly outpaced Item 1.05 filings (for material cybersecurity incidents) and most incidents initially disclosed under Item 8.01 have not subsequently resulted in an Item 1.05 filing.

…

Background. In July 2023, we published a post summarizing the cybersecurity disclosure rules adopted by the SEC for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of Form 8-K requires U.S. public companies to disclose material cybersecurity incidents. We have been monitoring Form 8-K filings under the SEC requirements since the rules went into effect on December 18, 2023. This chart includes links to each of these filings, as well as the relevant dates and amendments (if any), updated as of May 21, 2026, together with brief summaries of each Item 1.05 disclosure.

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.

A criminal complaint unsealed today in an Alaska district court charges Jacob Butler, a.k.a. “Dort,” of Ottawa, Canada with operating the Kimwolf DDoS botnet. A statement from the Department of Justice says the complaint against Butler was unsealed following the defendant’s arrest in Canada by the Ontario Provincial Police pursuant to a U.S. extradition warrant. Butler is currently in Canadian custody awaiting an initial court hearing scheduled for early next week.

Apple Blocked $2.2bn in App Store Fraud in the Last Year

Apple blocked App Store users from losing over $2.2bn in fraudulent transactions during the last year and prevented over a billion accounts from being created to commit fraud.

The total of fraudulent App Store transactions Apple has blocked over the last six years now stands at more than $11.2bn.

The Apple App Store contains over 680,000 apps which are used to sell goods and services. As a widely used ecosystem which people use to make payments, cybercriminals and fraudsters will naturally attempt to target users.

Apple said that by combining human review and machine learning, it has built AI models to accelerate fraud detection and quickly evaluate new deceptive tactics used by fraudsters.

“As the digital landscape expands, malicious actors continue to evolve their methods, often using deceptive tactics to target consumers and legitimate businesses,” Apple said in the blog post, published on May 20.