Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security.

The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform appeared first on SecurityWeek.

The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership ecosystem.

The post Herd Security Raises $3 Million for AI-Powered Training Platform appeared first on SecurityWeek.

The Defense Department would require that senior leaders have secure mobile phones, that personnel would get cybersecurity training that includes a focus on artificial intelligence and that cyber troops would have access to mental health services under a compromise annual defense policy bill released over the weekend.

The deal between House and Senate negotiators on the fiscal 2026 National Defense Authorization Act (NDAA) is a massive piece of legislation that runs the gamut of the Pentagon, including a record-breaking $901 billion topline figure. It also has a grab bag of cybersecurity policy provisions. The House could take it up as soon as this week.

The legislation states that the secretary of defense “shall ensure” that wireless mobile phones the department provides to its senior leaders and others working on sensitive national security missions meets a list of cybersecurity requirements, such as data encryption. A Pentagon watchdog last week published long-awaited examinations of the Signalgate incident that enveloped Defense Secretary Pete Hegseth. 

The bill directs the department to make sure that behavioral health specialists with proper security clearances are dispatched to United States Cyber Command and the Cyber Mission Force. It follows in the tradition of past provisions of defense policy bills to address the mental health needs of personnel there.

The department is told to revise mandatory training on cybersecurity for members of the Armed Forces and civilian employees “to include content related to the unique cybersecurity challenges posed by the use of artificial intelligence.”

There are plenty of other cybersecurity provisions contained in the bill.

It would set up barriers to splitting the leadership of Cyber Command and the National Security Agency by prohibiting any department funding from being used to “reduce or diminish the responsibilities, authorities or organizational oversight of the Commander of the United States Cyber Command.”

On behalf of defense contractors, the bill orders the department to “harmonize the cybersecurity requirements” across the department and reduce the number of cybersecurity requirements “that are unique to specific contracts.” That’s a focus of the forthcoming Trump administration cybersecurity strategy.

It also includes a statement of policy on the use of commercial spyware. It says that policy is to oppose the misuse of commercial spyware to include groups like journalists and human rights activists, to coordinate with allies to prevent the export of commercial spyware to those who are likely to misuse them and to “establish robust guardrails,” as well as work with the private sector counter abuse.

Such statements of policy don’t carry legal force but give a sense of lawmaker consensus and intentions.

The post Defense bill addresses secure phones, AI training, cyber troop mental health appeared first on CyberScoop.

A bipartisan group of senators are looking to tackle health care cybersecurity by reviving legislation that would update regulations and guidelines, authorize grants, offer training and clarify federal agency roles.

It’s a subset of cybersecurity where Congress hasn’t enacted any sweeping changes to date. The resurrected Health Care Cybersecurity and Resiliency Act from Health, Education Labor and Pension Committee Chairman Bill Cassidy, R-La., and his colleagues on both sides of the aisle emerges from a 2023 bipartisan health care cybersecurity working group.

Cassidy and his cosponsors — Mark Warner, D-Va., Maggie Hassan, D-N.H., and John Cornyn, R-Tex. — first introduced the bill in late November last year, with little time left in the session to take action on it before Congress adjourned at the beginning of 2025.

“Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs — and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks,” Hassan said in a news release Thursday.

The legislation aspires to improve coordination between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, with steps like directing HHS to work with CISA state coordinators to provide training to health care owners and operators.

It would clarify HHS’s responsibilities and give it additional responsibilities, such as directing it to develop a cybersecurity incident response plan. It also requires HHS to update Health Insurance Portability and Accountability Act (HIPAA) regulations for health care identities to use modern cybersecurity practices, issue guidance for rural health clinics on breach prevention.

And it authorizes a five-year grant program at HHS for select health care entities, like academic health and cancer centers, although it doesn’t specify a dollar amount.

Some of those goals are similar to provisions from other health care cybersecurity bills that haven’t become law, some of which emerged after the Change Healthcare ransomware attack that led to the biggest breach of health care data ever reported to federal regulators.

“Patients deserve absolute confidence that their sensitive medical data stored online is protected and shielded from cybersecurity breaches or ransomware attacks,” Cornyn said.

The post Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues appeared first on CyberScoop.

This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]

The post AI Large Language Models and Supervised Fine Tuning appeared first on Black Hills Information Security, Inc..

| Carrie Roberts // Guest Author Carrie Roberts is an Antisyphon instructor and experienced cyber security professional who has mentored many on their journey into cyber. My name is Carrie […]

The post From High School to Cyber Ninja—For Free (Almost)! appeared first on Black Hills Information Security, Inc..

In this BHIS podcast, originally recorded as a live webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens.  We cover how to […]

The post BHIS PODCAST: Tracking attackers. Why attribution matters and how to do it. appeared first on Black Hills Information Security, Inc..

💾

Chevy Swanson // I got my start in InfoSec through a few competitions during my time in high school. My team and I were fortunate to have a supportive school and […]

The post Creating the Next Generation of Interns appeared first on Black Hills Information Security, Inc..