Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages

NIST has released updated DNS security guidance for the first time in over a decade, addressing critical infrastructure protection alongside a surge in supply chain and AI-related vulnerabilities.

Key points

  • NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide, replacing the 2013 version.
  • TeamPCP compromised LiteLLM packages on PyPI, while CISA warned of active exploitation in Langflow and Aqua Security’s Trivy.
  • The FCC banned the import and sale of new foreign-made routers due to national security concerns.
  • NVIDIA donated its Dynamic Resource Allocation (DRA) Driver for GPUs to the Cloud Native Computing Foundation.
  • Mandiant’s M-Trends 2026 report found that attackers now hand off access in as little as 22 seconds.

Why it matters: These developments highlight a critical shift in the threat landscape where legacy infrastructure, such as DNS, is being modernized alongside the rapid, often insecure, integration of AI agents. Organizations must balance the adoption of new automation tools with the reality that attackers are weaponizing vulnerabilities faster than ever, necessitating more rigorous supply chain and identity management.

Published by Help Net Security