InfoSecBulletin Cybersecurity for mankind
NIST has released its Cybersecurity Framework 2.0 after several years of consideration. The new framework expands its recommendations to cover the concerns of organizations beyond critical infrastructure.
NIST issued the first CSF in 2014, in response to a presidential executive order, to assist organizations, particularly critical infrastructure, in managing cybersecurity risk. CSF 2.0 expands on the original five functions (Identify, Protect, Detect, Respond, and Recover) and adds a new one, Govern. The updated CSF also covers supply chain risks.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to a statement from Kevin Stine, chief of NIST’s Applied Cybersecurity Division.
NIST included a reference tool in CSF 2.0 to help cybersecurity teams find guidance data. It also has a searchable catalog and many references to help organizations of all sizes implement the new framework.
