In today’s cybersecurity news…
Steel producer disrupted by cyberattack
Nucor Corporation, the largest steel producer in the US, disclosed in an 8-K filing with the US Securities and Exchange Commission that it suffered a cyberattack “involving unauthorized third-party access to certain information technology systems.” No other information on date, threat actor, or the type of attack was disclosed. The attack halted production at several locations, although the company began slowly restarting operations. No threat group has taken credit for the attack so far.
European Vulnerability Database (EUVD) is online
The European Union Agency for Cybersecurity, ENISA, announced in June 2024 that it would start work on the database as part of the EU’s Network and Information Security 2 Directive. A closed beta for the EUVD rolled out last month. Now a full version is available online. Like the US government’s National Vulnerability Database, the EUVD will identify disclosed vulnerabilities. These vulnerabilities will carry standard CVE-assigned IDs and EUVD identifiers. It features dashboards for critical and actively exploited vulnerabilities. The EUVD claims near real-time updates, sourced from open-source databases, vendor guidelines, and national advisories.
CISA pauses advisory overhaul
The US Cybersecurity and Infrastructure Security Agency announced on May 13th that it planned to stop publishing standard updates on its Cybersecurity Alerts & Advisories site and instead shift to publishing advisories and other updates through email and social media. This would end the ability for professionals to subscribe to alerts through RSS. The agency framed the overhaul as a way to prioritize urgent alerts. Following a flurry of feedback, on May 14th the agency said, “We have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”
Australian Human Rights Commission leaks data
The AHRC is an independent statutory body created by the Australian government that receives complaints about human rights abuses. The organization announced that 670 documents were exposed online from April 3 through May 5, 2025 and indexed by search engines. These documents contain complaint webform content with private personal information and submissions to the National Anti-Racism Framework paper. The AHRC said this incident did not represent a malicious external attack. It temporarily disabled all web forms to prevent subsequent issues due to a misconfiguration and requested the indexed search engines to remove the content.
Huge thanks to our sponsor, Vanta
But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI.
Now that’s…a new way to GRC. Get started at Vanta.com/headlines.
Advanced Protection comes to Android
In 2017, Google debuted an Advanced Protection feature for Google accounts, giving further layers of security for particularly at-risk users, like journalists, public figures, or dissidents. Now the company is extending this feature to phones running Android 16. Like Apple’s Lockdown Mode on iOS, this blocks connections to legacy 2G data networks and disables JavaScript optimizations in the default browser. It also offers Intrusion Logging, which is stored end-to-end encrypted in the cloud to provide indelible logs that will survive even if a phone or Google account is compromised. Google will also offer an API for third-party app integration with Advanced Protection.
(Wired)
New picks for US Cyber Command coming soon
Multiple military, civilian, and congressional sources told The Record that the Trump administration will name a candidate for the vacant role of National Security Agency deputy director before Memorial Day. US Cyber Command and NSA head General Timothy Haugh and deputy NSA chief Wendy Noble were dismissed last month. This comes as the administration investigates whether to end the so-called “dual-hat” leadership of the NSA and US Cyber Command. Restructuring the leadership requires sign-off from both the Secretary of Defense and the Joint Chiefs chairman that the move won’t hinder Cyber Command.
Exposing North Korean IT workers at scale
Wired shared a report from DTEX Systems that includes a list of over 1,000 email addresses identified as linked to North Korean IT worker activity. Their report profiles two members of a group of North Korean developers now based out of Russia, using the personas “Naoki Murano” and “Jenson Collins.” This group of developers generally worked for cryptocurrency companies, including Coinbase, creating fake job applications and searching for accomplices. These fake IT workers are generally required to hit specific income quotas, with evidence of military personnel directly monitoring communications so they don’t become defectors.
(Wired)
Ivanti patches actively exploited EPMM zero-days
The company issued patches for vulnerabilities allowing authentication bypasses and remote code execution, impacting two open-source libraries it uses in its Endpoint Manager Mobile (or EPMM) solution. In its patch disclosure, the company saw “a very limited number of customers” impacted by these vulnerabilities. Filtering access to the API using ACL can help significantly reduce the risk of compromise until a patch can be deployed. Ivanti will also work with the maintainers of the impacted libraries to see if any additional CVEs should be assigned.
Microsoft extends Office security support
Earlier this year, Microsoft announced it would stop supporting Office apps on Windows 10 when that OS reaches end of support on October 14, 2025. Now, Microsoft says it will extend support for Office security updates for an additional three years “[t]o help maintain security while you transition to Windows 11.” Microsoft still recommends businesses update to Windows 11 well before that deadline “to avoid performance and reliability issues over time.”