NIST Updates DNS Security Guidance After Compromised Python Packages on PyPI

Post Views: 6

NIST Updates DNS Security Guidance

The National Institute of Standards and Technology (NIST) has published an updated guide for securing the Domain Name System (DNS), a crucial component of internet infrastructure. The new guidelines, known as SP 800-81r3, address the need for improved DNS security configurations, which have remained largely unchanged since 2013.

Main Areas Covered:

Using DNS as an Active Security Control
Securing the DNS Protocol
Protecting DNS Servers and Infrastructure

Critical RCE Vulnerability in BIG-IP APM Systems

F5’s BIG-IP Access Policy Manager (APM) solution has been found to have a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2025-53521). The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to data breaches or other malicious activities.

US Cybersecurity and Infrastructure Security Agency (CISA) Warning:

The US CISA has warned that the vulnerability is actively being exploited, and organizations are advised to take immediate action to mitigate the risk.

TeamPCP Strikes Again

TeamPCP, a cybercrime group, has struck again, compromising a PyPI package, Telnyx, which delivered malware to unsuspecting users. The compromise highlights the ongoing threat posed by supply chain attacks, which can be particularly challenging to detect and respond to.

CISA Sounds Alarm on Langflow RCE and Trivy Supply Chain Compromise

The US CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a code injection vulnerability in Langflow, and CVE-2026-33634, an embedded malicious code vulnerability in Aqua Security’s Trivy security scanner.

Top Product Launches at RSAC 2026

RSAC 2026 showcased a wave of innovative technologies, including AI-powered defense, breakthroughs in identity protection, and advancements in cybersecurity frameworks. The event highlighted the ongoing evolution of the cybersecurity landscape and the need for organizations to adapt and stay ahead of emerging threats.

Resources

ISC2 has announced a series of resources to help organizations prepare for and respond to emerging threats. The resources include:

A comprehensive guide to DNS security
A toolkit for identifying and mitigating RCE vulnerabilities
A series of webinars and workshops on cybersecurity best practices

Cybersecurity Jobs Available Right Now

We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.