Threatsday Bulletin: Cisco 0-days, AI Bug Bounties, Crypto Heists,...

Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us.

But security teams are fighting back. They're building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It's a constant race — every move by attackers sparks a new response from defenders.

In this week's ThreatsDay Bulletin, we look at the latest moves in that race — from new malware and data leaks to AI tools, government actions, and major security updates shaping the digital world right now.

The U.K. government has proposed a new Cyber Security and Resilience Bill that aims to strengthen national security and secure public services like healthcare, drinking water providers, transport, and energy from cybercriminals and state-backed actors. Under the proposal, medium and large companies providing services like IT management, IT help desk support, and cybersecurity to private and public sector organisations like the National Health Service (NHS) will be regulated. Organizations covered by the new law would have to report more harmful cyber incidents to both their regulator and the National Cyber Security Centre (NCSC) within 24 hours, followed by a full report sent within 72 hours. Penalties for serious violations under the new rules will reach daily fines equivalent to £100,000 ($131,000), or 10% of the organization's daily turnover – whichever is higher. "Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties," the government said. "This includes reporting significant or potentially significant cyber incidents promptly to the government and their customers as well as having robust plans in place to deal with the consequences."

A former Intel employee has been accused of downloading thousands of documents shortly after the company fired him in July, many of them classified as "Top Secret." The Oregonian, which reported on the lawsuit, said Jinfeng Luo downloaded 18,000 files to a storage device. After failing to get in touch with Luo at his home in Seattle and at two other addresses associated with him, the chipmaker filed suit seeking at least $250,000 in damages.

The Open Web Application Security Project (OWASP) has released a revised version of its Top

Source: The Hacker News