AI is revolutionizing cybersecurity, raising the stakes for CISOs who must balance innovation with risk management. As adversaries leverage AI to enhance attacks, effective cybersecurity requires visibility, adaptive strategies, and leadership alignment at the board level.

The post AI is Rewriting the Rules of Risk: Three Ways CISOs Can Lead the Next Chapter  appeared first on Security Boulevard.

The European Union Agency for Cybersecurity has released an updated international strategy to reinforce the EU’s cybersecurity ecosystem and strengthen cooperation beyond Europe’s borders. The revised ENISA International Strategy refreshes the agency’s approach to working with global partners while ensuring stronger alignment with the European Union’s international cybersecurity policies, core values, and long-term objectives.  Cybersecurity challenges today rarely stop at national or regional borders. Digital systems, critical infrastructure, and data flows are deeply intertwined across continents, making international cooperation a necessity rather than a choice. Against this backdrop, ENISA has clarified that it will continue to engage strategically with international partners outside the European Union, but only when such cooperation directly supports its mandate to improve cybersecurity within Europe.

ENISA International Strategy Aligns Global Cooperation With Europe’s Cybersecurity Priorities 

Under the updated ENISA International Strategy, the agency’s primary objective remains unchanged: raising cybersecurity levels across the EU. International cooperation is therefore pursued selectively and strategically, focusing on areas where collaboration can deliver tangible benefits to EU Member States and strengthen Europe’s overall cybersecurity resilience. ENISA Executive Director Juhan Lepassaar highlighted the importance of international engagement in achieving this goal. He stated: “International cooperation is essential in cybersecurity. It complements and strengthens the core tasks of ENISA to achieve a high common level of cybersecurity across the Union.   Together with our Management Board, ENISA determines how we engage at an international level to achieve our mission and mandate. ENISA stands fully prepared to cooperate on the global stage to support the EU Member States in doing so.”  The strategy is closely integrated with ENISA’s broader organizational direction, including its recently renewed stakeholders’ strategy. A central focus is cooperation with international partners that share the EU’s values and maintain strategic relationships with the Union.

Expanding Cybersecurity Partnerships Beyond Europe While Supporting EU Policy Objectives 

The revised ENISA International Strategy outlines several active areas of international cooperation. These include more tailored working arrangements with specific countries, notably Ukraine and the United States. These partnerships are designed to focus on capacity-building, best practice exchange, and structured information and knowledge sharing in the field of cybersecurity.  ENISA will also continue supporting the European Commission and the European External Action Service (EEAS) in EU cyber dialogues with partners such as Japan and the United Kingdom. Through this role, ENISA provides technical expertise to inform discussions and to help align international cooperation with Europe’s cybersecurity priorities.  Another key element of the strategy involves continued support for EU candidate countries in the Western Balkans region. From 2026 onward, this support is planned to expand through the extension of specific ENISA frameworks and tools. These may include the development of comparative cyber indexes, cybersecurity exercise methodologies, and the delivery of targeted training programs aimed at strengthening national capabilities. 

Strengthening Europe’s Cybersecurity Resilience Through Multilateral Frameworks 

The updated strategy also addresses the operationalization of the EU Cybersecurity Reserve, established under the 2025 EU Cyber Solidarity Act. ENISA plans to support making the reserve operational for third countries associated with the Digital Europe Programme, including Moldova, thereby extending coordinated cybersecurity response mechanisms while maintaining alignment with EU standards.  In addition, ENISA will continue contributing to the cybersecurity work of the G7 Cybersecurity Working Group. In this context, the agency provides EU-level cybersecurity expertise when required, supporting cooperation on shared cyber threats and resilience efforts. The strategy also leaves room for exploring further cooperation with other like-minded international partners where mutual interests align.  Finally, the ENISA International Strategy reaffirms the principles guiding ENISA’s international cooperation and clarifies working modalities with the European Commission, the EEAS, and EU Member States. These principles were first established following the adoption of ENISA’s initial international strategy in 2021 and have since been consolidated and refined based on practical experience and best practices. 

Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step away from traditional, clunky security hardware and toward a seamless, browser-native defense. The acquisition, which did not include financial terms, integrates SquareX’s browser detection and response technology into Zscaler’s Zero Trust Exchange platform. Unlike traditional..

The post Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX appeared first on Security Boulevard.

Start PQC pilots now—not to prove readiness but to surface interoperability, vendor, inventory, and skills gaps so organizations can manage post-quantum migration risks.

The post Your PQC Pilot Might Fail, and That’s Okay  appeared first on Security Boulevard.

The growing cyber threat from End-of-Support edge devices is no longer a technical inconvenience, it is a national cybersecurity liability. With threat actors actively exploiting outdated infrastructure, federal agencies can no longer afford to treat unsupported edge technology as a future problem. The latest Binding Operational Directive (BOD 26-02) makes one thing clear- mitigating risk from End-of-Support edge devices is now mandatory, measurable, and time-bound. This directive, issued under the authority of the Department of Homeland Security (DHS) and enforced by the Cybersecurity and Infrastructure Security Agency (CISA), forces Federal Civilian Executive Branch (FCEB) agencies to confront a long-standing weakness at the network perimeter, devices that no longer receive vendor support but still sit exposed to the internet.

Why End-of-Support Edge Devices Are a High-Risk Blind Spot

End-of-Support (EOS) edge devices are particularly dangerous because of where they live. Firewalls, routers, VPN gateways, load balancers, and network security appliances operate at the boundary of federal networks. When these devices stop receiving patches, firmware updates, or CVE fixes, they become ideal entry points for attackers. CISA has already observed widespread exploitation campaigns targeting EOS edge devices. Advanced threat actors are using them not just for initial access, but as pivot points into identity systems and internal networks. In simple terms, one outdated edge device can undermine an entire Zero Trust strategy. The uncomfortable truth is this that agencies that delay replacing EOS edge devices are accepting disproportionate and avoidable risk.

Binding Operational Directive 26-02

BOD 26-02 is not guidance, it is enforcement. Federal agencies are legally required to comply, and the directive lays out a clear lifecycle-based approach to mitigating risk from End-of-Support edge devices. Within three months, agencies must inventory EOS devices using the CISA EOS Edge Device List. Within twelve months, they must decommission devices already past support deadlines. By eighteen months, all EOS edge devices must be removed from agency networks, replaced with vendor-supported alternatives. Most importantly, the directive doesn’t stop at cleanup. Within twenty-four months, agencies must establish continuous discovery processes to ensure no edge device reaches EOS while still operational. This is the shift federal cybersecurity has needed for years—from reactive patching to proactive lifecycle management.

Lifecycle Management is the Real Security Control

What BOD 26-02 exposes is not just a device problem, but a governance failure. Agencies that struggle with End-of-Support edge devices often lack mature asset management, refresh planning, and procurement alignment. OMB Circular A-130 already required unsupported systems to be phased out “as rapidly as possible.” This directive simply removes ambiguity and excuses. If an agency cannot track when its edge devices reach EOS, it cannot credibly claim to manage cyber risk. The directive also aligns closely with Zero Trust principles outlined in OMB Memorandum M-22-09, reinforcing MFA, asset visibility, workload isolation, and encryption. EOS devices undermine every one of these controls.

What it Means for Federal Cybersecurity

Some agencies will view this directive as operationally disruptive. That reaction misses the point. The real disruption comes from ransomware, espionage, and persistent network compromise—outcomes that EOS edge devices actively enable. BOD 26-02 signals a long-overdue cultural shift- unsupported technology is no longer tolerated at the federal network edge. Agencies that treat compliance as a checkbox will struggle. Those that use it to modernize lifecycle management will be far more resilient. In today’s threat environment, mitigating risk from End-of-Support edge devices is not about compliance, it’s about survival.

It has been difficult at times for new mainline releases in the Civilization series of games to win over new players right out of the gate. For Civilization VII—which launched just shy of one year ago—the struggles seemed to go deeper, with some players saying it didn't feel like a Civilization game.

Civ VII’s developer, Firaxis Games, announced today it is planning an update this spring called "Test of Time" that rethinks a few unpopular changes, in some cases replacing key mechanics from the original release.

I spoke with Ed Beach, the Civilization franchise's creative director, as well as Dennis Shirk, its executive producer, about what's changing, the team's interpretation of the player backlash to the choices in the initial release, and Firaxis and 2K's plans for the future of the Civilization model.

Read full article

Comments

© Samuel Axon

The Japanese government has formally adopted a new cybersecurity strategy that will guide national policy over the next five years. The decision was approved at a cabinet meeting on Tuesday and aims at strengthening Japanese cybersecurity coordination across civilian, law enforcement, and defense institutions.  Under the new cybersecurity strategy, Japan will establish a framework that enables closer cooperation between the police, the Defense Ministry, and the Self-Defense Forces when responding to serious cyber incidents. The goal is to ensure faster detection, analysis, and neutralization of attacks that could affect national security or critical infrastructure.  Officials described the move as a response to a severe threat environment, particularly from state-backed cyber actors. 

State-Sponsored Attacks and AI-Driven Risks 

The strategy explicitly identifies cyber operations linked to China, Russia, and North Korea as “serious threats” to Japan. Government officials noted that these attacks have grown in both scale and technical prowess, targeting public institutions, private companies, and essential services. The document also warned that cyberattacks leveraging artificial intelligence technologies are a new and dangerous risk.  This assessment builds on earlier concerns raised by Japan’s security agencies, which have observed a steady rise in ransomware attacks, financial fraud, and data breaches. In 2023 alone, online banking fraud in Japan resulted in losses exceeding 8.7 billion yen, underscoring the economic impact of cybercrime alongside its national security implications. 

Government-Centered Cybersecurity Strategy 

A central pillar of the new Japanese cybersecurity approach is the concept of “government-centered defense and deterrence.” This policy direction follows the enactment earlier this year of legislation introducing active cyber defense, which allows authorities to monitor communications in cyberspace during peacetime to prevent cyberattacks before they cause damage.  As part of this framework, all cybersecurity-related intelligence and incident data will be consolidated at the National Cybersecurity Office, which was established following the new law enactment. Centralizing information is intended to allow swift and accurate identification, analysis, and assessment of cyber incidents, reducing delays caused by fragmented reporting across agencies.  The government is also committed to strengthening human resources by developing specialized talent, improving technical systems, and conducting regular training and simulation exercises. Officials emphasized that technical capability and skilled personnel are critical components of any effective cybersecurity strategy. 

Public-Private and International Cooperation 

Recognizing that cyber threats do not respect national or sectoral boundaries, the strategy places strong emphasis on collaboration beyond government agencies. It includes plans to enhance cooperation between the public and private sectors, with operators of critical infrastructure invited to participate in a government-led council designed for two-way information sharing.  The strategy also stresses the importance of international cooperation. “No country could handle cyberattacks alone,” the document noted, calling for deeper engagement with allied and like-minded nations to share intelligence, coordinate responses, and build collective resilience.  At a news conference on Tuesday, Hisashi Matsumoto, Japan’s minister in charge of cybersecurity, said Prime Minister Sanae Takaichi had instructed him to prioritize public-private collaboration, strengthen international partnerships, and ensure unified action across government agencies. “We must work together with the private sector and cooperate with other countries to address cyber threats,” Matsumoto said. “This is the core of our new strategy.” 

Legislative Challenges and Ongoing Debate 

Despite the adoption of the strategy, Japan’s broader cybersecurity agenda has faced political and legal challenges. Plans to introduce a comprehensive cybersecurity bill centered on active cyber defense have been delayed following political upheaval, including a change in prime minister and the ruling coalition’s loss of its parliamentary majority in the October general election.  The proposed bill has generated debate over privacy and constitutional protections, particularly Japan’s strong safeguards for the secrecy of communications. Legal experts and some officials have raised concerns that active monitoring could conflict with these protections. As a result, momentum behind the legislation has slowed, with officials indicating that the earliest possible submission may be during the next regular Diet session.