In an urgent call to action, international cyber agencies are rallying Internet Service Providers (ISPs) and network defenders to combat the proliferation of “bulletproof” hosting providers (BPHs). These entities, notorious for providing infrastructure that shields cybercriminals, have become increasingly intertwined with legitimate internet services. Meanwhile, the Cloud Security Alliance (CSA) has introduced a new risk assessment framework tailored for autonomous AI systems, while the Center for Internet Security (CIS) has launched fresh benchmarks and updates for various software products. Here are the key developments you need to know:
Combatting Bulletproof Hosting Providers
Cybersecurity agencies from Australia, Canada, the Netherlands, New Zealand, the U.K., and the U.S. have issued a joint advisory titled “Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers.” This initiative aims to diminish the influence of BPHs that facilitate cyber operations targeting critical infrastructure and financial institutions.
These hosting providers often ignore legal processes and law enforcement requests, enabling ransomware attacks, data extortion, and malware distribution. They use techniques such as fast flux to obscure the identities of cybercriminals, complicating efforts to expose them.
Crucially, BPHs are not standalone entities; they increasingly lease infrastructure from legitimate ISPs and data centers, which makes them harder to detect. The advisory recommends several strategies for ISPs, including:
- Rigorous traffic analysis
- Automated reviews of malicious resources
- Robust standards for ISP accountability
- Proactive filtering tools
- Transparent communication regarding threats
Madhu Gottumukkala, Acting Director of CISA, emphasized that addressing BPHs is vital for safeguarding critical systems: “By shining a light on these illicit infrastructures, we are making it harder for criminals to hide.” In related actions, the U.S. Treasury recently sanctioned the Russia-based BPH company Media Land along with its network.
New Framework for Autonomous AI Risks
The CSA has unveiled a new risk assessment framework, the Capabilities-Based Risk Assessment (CBRA), designed specifically for assessing risks from autonomous AI systems. Because conventional risk models may fall short for such systems, the CBRA evaluates AI systems across four dimensions:
- System criticality
- AI autonomy
- Access permissions
- Impact radius
This comprehensive approach allows organizations to quantify potential risks and align investment in governance accordingly. According to Pete Chronis, Co-Chair of the CSA AI Safety Initiative CISO Council, this framework helps enterprises manage their exposure to high-impact AI systems while promoting safe innovation.
Integrated with the CSA’s AI Controls Matrix (AICM), the CBRA enables organizations to apply security measures proportional to the identified risks, thus safeguarding vital AI infrastructures.
Updates from the Center for Internet Security
The CIS has released a new set of configuration benchmarks aimed at improving the security of various software products, including updates for Windows Server 2025 and multiple Linux distributions. New benchmarks cover:
- Red Hat Enterprise Linux 10
- Rocky Linux 10
- AlmaLinux OS 10
- IBM z/OS with RACF
- FortiGate 7.4.x
- Apple iOS/iPadOS 18 for Intune
In addition to the new benchmarks, CIS has introduced Build Kits that automate the configuration process for several platforms, enhancing security readiness across various operating systems and applications.
Cybersecurity Risks in Drone Detection Tools
As organizations invest in drone-detection systems to thwart malicious drone activities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the cyber vulnerabilities associated with these detection tools. In a recent guide, CISA warns that flaws can compromise the integrity of detection data, potentially allowing adversaries to exploit these systems.
Common vulnerabilities identified include:
- Insecure data collection and transfer
- Malicious software within firmware updates
- Weaknesses in connected devices
CISA’s guide urges critical infrastructure organizations to rigorously evaluate vendors on the security of their systems to prevent potential exploitation.
Malware Infections Surge
In a troubling trend, malware reports have surged by 38% from Q2 to Q3 2025, according to the CIS Multi-State Information Sharing and Analysis Center (MS-ISAC). The most prevalent malware in this period remains SocGholish, notorious for tricking users into downloading harmful software through fake update prompts. Following closely are CoinMiner and Agent Tesla, both of which target user credentials and sensitive data.
The return of older malware variants like Gh0st and the emergence of new threats such as Jinupd, a point-of-sale infostealer, highlight the evolving landscape of cybersecurity threats. The report emphasizes that the primary infection vector for this quarter was categorized as “Multiple,” indicating a complex and multifaceted approach among cybercriminals.
For further details on these malware trends, the CIS blog “Top 10 Malware Q3 2025” provides an in-depth analysis of current threats and countermeasures.
These developments reflect a dynamic and evolving cybersecurity landscape, underscoring the urgent need for effective collaboration and innovative strategies in the fight against cybercrime and threats emanating from emerging technologies.