VulnHub

Real-time Cybersecurity News

Treasury asks whether terrorism risk insurance program should bolster cyber coverage

CyberScoop
Critical

Overview

The U.S. Treasury Department is seeking public input on the potential expansion of cyber coverage within the Terrorism Risk Insurance Act (TRIA) established in 2002. This program currently provides financial assistance for insurance claims related to terrorist attacks, but the Treasury is considering whether it should also include cyber incidents. As cyber threats continue to increase and evolve, there is a growing concern about how these risks are insured. The public comment period allows stakeholders, including insurers, businesses, and cybersecurity experts, to voice their opinions on this critical issue. The outcome could significantly impact how cyber risks are managed and insured in the future, especially for organizations vulnerable to cyberattacks.

Key Takeaways

  • Timeline: Newly disclosed

Original Article Summary

A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program. The post Treasury asks whether terrorism risk insurance program should bolster cyber coverage appeared first on CyberScoop.

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

SecurityWeek

The article discusses the evolution of agentic AI systems, which are moving from merely suggesting actions to taking independent actions within systems. This shift raises significant governance and security concerns, particularly as these AI platforms gain more access to critical systems. The case of OpenClaw serves as a cautionary tale, illustrating the potential risks of inadequate oversight. As these technologies become more autonomous, it is crucial for organizations and regulators to establish better frameworks for managing them. Without proper governance, the implications for security and accountability could be severe, affecting various sectors that rely on AI.

Mar 24, 2026

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

CyberScoop

Attackers have hacked Trivy, an open-source security tool, and released malicious versions of the software. This incident raises concerns as Mandiant warns that it could affect up to 10,000 downstream users who rely on Trivy for security assessments. The presence of compromised versions may lead to a significant rise in extortion attempts against these users. The situation emphasizes the risks associated with using open-source tools, particularly when they become targets for malicious actors. Organizations that use Trivy need to be vigilant and assess their security protocols to mitigate potential fallout.

Mar 24, 2026

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

SecurityWeek

In December 2025, Poland experienced a significant cyberattack that targeted its energy system, leading to widespread disruptions. The attack is believed to have originated from Russia, raising concerns about geopolitical tensions and the security of critical infrastructure. This incident is part of a broader surge in cyberattacks affecting Poland, indicating a troubling trend in cybersecurity threats faced by the nation. As a result, the energy sector, crucial for both public services and economic stability, is now at heightened risk. The implications of these attacks extend beyond immediate operational disruptions, as they could impact national security and public confidence in essential services.

Mar 24, 2026

Novel Iran-linked hacking group takes aim at Middle Eastern energy firms

SCM feed for Latest

A new hacking group known as Nasir Security, believed to be linked to Iran, has launched cyberattacks against various energy sector organizations in the Middle East. These attacks come amid rising geopolitical tensions, raising concerns about the security of critical energy infrastructure in the region. The targeted firms have not been specifically identified in the report, but the implications are significant, as energy companies are vital to national economies and security. Experts warn that such operations could disrupt energy supplies and have broader economic impacts, emphasizing the need for enhanced cybersecurity measures within this sector. Companies in the energy sector should be vigilant and bolster their defenses against potential threats from this group.

Mar 24, 2026

Illicit VS Code projects tapped to deploy StoatWaffle malware

SCM feed for Latest

A North Korean cyber operation known as WaterPlum has been using malicious Visual Studio Code (VS Code) projects to spread a new strain of malware called StoatWaffle since December. This operation is part of a broader campaign referred to as Contagious Interview. Researchers from The Hacker News reported that these infected projects are designed to trick users into downloading the malware, potentially compromising their systems. This tactic highlights the growing trend of using legitimate software tools to deliver malicious payloads, which can lead to significant security risks for developers and organizations relying on popular coding platforms. Users of VS Code should be cautious and ensure they are downloading extensions and projects from reputable sources to avoid falling victim to such attacks.

Mar 24, 2026

Mazda confirms limited employee, business partner data breach

SCM feed for Latest

Mazda Motor Corporation has confirmed a data breach that involved the compromise of 692 records containing information about employees and business partners. This incident occurred in December and raises concerns about the security of sensitive data within the automotive industry. While Mazda has not disclosed specific details about how the breach happened, the exposure of such records can lead to identity theft or unauthorized access to company resources. Companies like Mazda must ensure they have strong security measures in place to protect personal information, as breaches can damage trust and reputation. Customers and partners may want to be vigilant about potential phishing attempts or other fraudulent activities that could arise from this incident.

Mar 24, 2026