Articles published on Cyber threats
6914 Search results
- New
- Research Article
- 10.1038/s41598-025-29152-6
- Dec 5, 2025
- Scientific reports
- Alaa Tolah
The exponential growth of sophisticated cyber threats in Internet of Things (IoT) environments has exposed fundamental weaknesses in existing Cyber Threat Intelligence (CTI) platforms, including centralized architectures, trust deficits, privacy vulnerabilities, and single points of failure. To overcome these limitations, this paper proposes BlockIntelChain, a blockchain-based framework for secure, scalable, and collaborative CTI sharing across distributed IoT networks. The system integrates a hybrid consensus mechanism that combines Proof-of-Stake with reputation-based validator selection, supported by a multi-layered privacy framework employing Differential Privacy (DP), Zero-Knowledge Proofs (ZKP), Homomorphic Encryption, and Secure Multi-Party Computation. BlockIntelChain further embeds Federated Learning (FL) to enable distributed model training directly on IoT edge nodes without exposing raw threat telemetry. Comprehensive evaluations on real-world Malware Information Sharing Platform (MISP) datasets show that BlockIntelChain achieves 923 Transactions per Second at 500 nodes with 99.6% consensus success, while maintaining resilience against 51% and Byzantine attacks, tolerating up to 33% malicious validators. Privacy analysis confirms an optimized utility-privacy trade-off, with DP (ε = 0.1) preserving 92% data utility and ZKP achieving 94% verification accuracy. The FL-based models outperform centralized baselines, reaching 96.4% accuracy for IoT malware classification, 94.7% for phishing detection, and 95.2% for network anomaly identification. Economic modeling validates sustainability through contributor growth (156 → 1,245 in 12 months) and improved contribution quality (0.73 → 0.92). The proposed framework directly benefits Security Operation Centers and edge-deployed IoT systems by enabling real-time threat intelligence exchange with strong security, privacy, and efficiency. Comparative benchmarking demonstrates BlockIntelChain's superiority over MISP, ThreatConnect, and IBM X-Force in decentralization, privacy, and cost efficiency, positioning it as a transformative solution for next-generation privacy-aware CTI ecosystems.
- New
- Research Article
- 10.21833/ijaas.2025.12.010
- Dec 4, 2025
- International Journal of ADVANCED AND APPLIED SCIENCES
- Mashael M Khayyat + 5 more
Supply Chain Management in the logistics sector involves coordinating processes, resources, and information to ensure the smooth flow of goods and services from suppliers to end customers. However, smart logistics networks are increasingly exposed to cyber threats such as data breaches, ransomware, and unauthorized access to IoT devices, which can disrupt operations and compromise sensitive data. In this study, the BoT-IoT dataset from the Kaggle platform is used. Data preprocessing is performed using Z-score normalization to standardize the data. Principal Component Analysis (PCA) is applied to reduce dimensionality, while Recursive Feature Elimination (RFE) is used to select the most relevant features. For classification, a novel Optimized Grey Recurrence Neuro Net Classifier is developed, which combines the global search capability of the Grey Wolf Optimizer (GWO) with Recurrent Neural Networks (RNNs) to improve detection performance. The model is implemented using Python tools and libraries. Experimental results show that the proposed method outperforms existing approaches, achieving 99.99% accuracy, 99.99% precision, 100% recall, and a 99.99% F1 score, demonstrating its high effectiveness and efficiency.
- New
- Research Article
- 10.34190/icair.5.1.4338
- Dec 4, 2025
- International Conference on AI Research
- Jyri Rajamäki + 4 more
As artificial intelligence (AI) becomes increasingly embedded in cybersecurity operations, the need for structured, compliant, and scalable integration frameworks is more urgent than ever. This paper explores how AI can be operationalized within cyber threat intelligence (CTI) systems, through a qualitative case study in the energy sector, using the DYNAMO framework as a case study. Originally developed to enhance resilience in critical infrastructure sectors, DYNAMO combines business continuity management (BCM) and CTI to support situational awareness and proactive risk mitigation. Although the framework has been applied in the energy sector in this study, its principles apply to other domains that face complex cyber threats. The study investigates how AI—particularly machine learning—can improve CTI sharing by enabling real-time threat detection, pattern recognition, and adaptive response. Drawing on recent academic and industry literature, we analyze the benefits and limitations of AI-enhanced CTI, including improved detection accuracy and faster response times. However, challenges such as adversarial attacks, model poisoning, and the need for high-quality training data are also addressed. We further examine the governance implications of integrating AI into CTI platforms, especially in light of the EU Cyber Resilience Act (CRA). The paper highlights the importance of aligning AI deployment with regulatory requirements, such as 24-hour incident reporting, post-market monitoring, and data sovereignty. The ECHO Early Warning System (E-EWS), a collaborative platform developed under the EU Horizon 2020 program, is presented as a practical example of cross-sectoral CTI sharing that incorporates AI capabilities. Our findings suggest that AI can significantly enhance cyber resilience when embedded within a governance-aware framework like DYNAMO. We recommend a phased implementation strategy that includes stakeholder training, regulatory alignment, and continuous monitoring. The paper concludes by emphasizing the need for interdisciplinary collaboration between AI developers, cybersecurity professionals, and policymakers to ensure responsible and effective AI integration in CTI systems.
- New
- Research Article
- 10.34190/icair.5.1.4344
- Dec 4, 2025
- International Conference on AI Research
- Anil Parthasarathi + 2 more
As artificial intelligence reshapes the cybersecurity landscape, the demand for a trustworthy, real-time intelligence platform to track security incidents has become mission-critical. This paper proposes AGS-INTEL, an AI-driven platform designed to revolutionize data breach intelligence by providing a credible, real-time repository that consolidates, verifies, and contextualizes global security incidents. Unlike traditional databases, AGS-INTEL employs a validated scoring algorithm and enriched metadata to capture breach dimensions (legal, technical, sectoral, geopolitical), drawing from GDPR/HIPAA disclosures, threat intelligence, dark web forums, and academic reports, among other sources. Utilizing NLP and agentic AI, it extracts structured metadata from unstructured narratives while integrating ethical data scraping, regulatory compliance, and cross-jurisdictional filtering to ensure high fidelity. A visual analytics dashboard empowers stakeholders, including regulators, policymakers, cybersecurity professionals, and journalists, to analyze breach trends by industry, geography, and threat modality, enhancing transparency and risk governance. By delivering authenticated, actionable data, AGS-INTEL addresses critical gaps in existing tools, setting a new standard for ethical AI in breach intelligence and strengthening societal resilience against escalating cyber threats.
- New
- Research Article
- 10.1016/j.mex.2025.103499
- Dec 1, 2025
- MethodsX
- Balaganesh Bojarajulu + 2 more
Enhanced SqueezeNet model for detecting IoT-Bot attacks: A comprehensive approach.
- New
- Research Article
- 10.1016/j.future.2025.107877
- Dec 1, 2025
- Future Generation Computer Systems
- He Huang + 5 more
Can LLM-generated misinformation be detected: A study on Cyber Threat Intelligence
- New
- Research Article
- 10.1016/j.suscom.2025.101248
- Dec 1, 2025
- Sustainable Computing: Informatics and Systems
- Mohammed Shuaib
Federated deep learning for secure and energy-efficient cyber threat mitigation in smart grid automation
- New
- Research Article
- 10.69554/whzx4354
- Dec 1, 2025
- Cyber Security: A Peer-Reviewed Journal
- Caroline Sapriel
This paper examines whether specific leadership competencies are relevant in a cyber crisis and what it takes to manage one effectively. Our increasing dependence on technology exposes us to risks and makes us more vulnerable to digital crises. Cyberattacks are more common and can affect even well-prepared companies. Leadership during a crisis can influence an organisation’s success or failure, no matter how primed and savvy its people are. The author compares crisis management to crisis leadership and emphasises the shift in crisis management responsibility from an operational response to prevention and the ability to steer through uncertainty. This change requires crisis-specific leadership skills and a broader recognition of organisational risk. The author highlights research by Wooten and James [1], which notes leadership competencies applicable to different phases of a crisis. Not all leaders can demonstrate all these attributes in every crisis and are often ill-prepared when a crisis hits; however, leaders can learn, develop and practise the competencies needed to survive and triumph over a crisis. Tools that can help develop these skills include stakeholder mapping and a protocol that evaluates and trains leaders in hard (knowledge-based) and soft (behaviour-based) skills. The author refers to the Salviotti et al. (2023) [2] study, which analysed the Norsk Hydro ransomware case, noting that leadership competencies identified in traditional crisis management also apply in a cyber crisis. Given the certainty of a cyber threat, the author recommends a stronger emphasis on developing crisis leadership competencies. Training should complement other activities and programmes to prepare employees to handle crises adeptly.
- New
- Research Article
- 10.23939/csn2025.02.114
- Dec 1, 2025
- Computer systems and network
- D.O Kudriavtsev + 1 more
The article examines the security of microservice architectures in the context of common vulnerabilities that arise in distributed systems. The authors analyze the essence of the microservice approach, which, despite its advantages in scalability and flexibility, introduces new challenges in the field of cybersecurity. The main focus is on issues of access management, network configuration, and data protection during transmission between services, which can create additional attack vectors. Empirical studies in recent years indicate that about one-fifth of Kubernetes manifests contain at least one critical configuration error, while over 90% of container images have known vulnerabilities, significantly expanding the attack surface. The article provides a systematic review of scientific research, detailing the advantages and disadvantages of microservice systems, and identifies key recommendations for ensuring security. Special attention is given to modern vulnerability detection technologies, including static and dynamic analysis methods, as well as approaches to monitoring containerized environments. The authors also examine threat analysis methodologies, including traditional approaches and modern models for simulating potential attacks, which help identify system weaknesses and assess risks. The results of the study highlight the need for a comprehensive security approach that integrates effective authentication mechanisms, careful network configuration review, and continuous monitoring using advanced threat analysis technologies. Thus, the article outlines the current state of security issues in microservice architectures, summarizes the obtained findings, and formulates recommendations for further research and the enhancement of protection measures in the face of growing cyber threats. Keywords: Microservice architecture, cybersecurity, vulnerabilities, threat analysis, monitoring, containerization, authentication/authorization.
- New
- Research Article
- 10.51903/00wfhv86
- Nov 30, 2025
- Jurnal Ilmiah Sistem Informasi
- Evva Choirotul Mahfazza + 2 more
This study aims to analyse risk management in hospital medical records information systems using the ISO 31000:2018 framework. Electronic medical records play a critical role in storing and managing sensitive patient data, requiring a structured risk management approach to identify, evaluate, and control potential threats. The research method used was a descriptive qualitative approach, using observation and interviews with information technology staff and medical records managers. The results revealed 11 key risks, divided into three categories: high, medium, and low. High risks were primarily related to the lack of system protection against cyber threats. This study concluded that implementing ISO 31000:2018 can help hospitals develop more effective risk mitigation strategies, thereby supporting the security, integrity, and availability of patient data.
- New
- Research Article
- 10.37547/tajet/v7i11-303
- Nov 30, 2025
- The American Journal of Engineering and Technology
- John Komarthi
Sharing of Cyber Threat Intelligence (CTI) has become an indispensable pillar of the modern cybersecurity landscape, enabling organizations to defend against evolving threats. In this white paper, we discuss strategies to optimize the sharing of threat intelligence across multiple security platforms in enterprise and community contexts. We review current standards and practices, such as the Structured Threat Information eXpression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) protocols, and examine the role of these standards in integrating Threat Intelligence Platforms (TIPs) with Security Information and Event Management (SIEM) systems. We examine the impact of threat intelligence exchange through real-world case studies of how cybersecurity attacks were mitigated, along with the challenges encountered (e.g., technical integration gaps, data overload, trust and privacy issues). We also discuss the limitations of current approaches, which include inconsistent adoption of the standards, a prevalence of low-context indicators, and siloed systems that impede information flow. The landscape of emerging solutions and future directions is explored: machine learning-based prioritization to reduce false positives, decentralized sharing architectures leveraging blockchain and federated learning for privacy, and trust frameworks to incentivize collaboration. By addressing the present challenges and leveraging advanced technologies, organizations will be able to create a unified and effective threat intelligence sharing ecosystem that strengthens collective cyber defense.
- New
- Research Article
- 10.56347/jics.v4i2.301
- Nov 30, 2025
- Journal Innovations Computer Science
- Muhammad Mirza Raziq Akbar + 2 more
The rapid digitalization of commerce in Indonesia has positioned Tokopedia as a central marketplace that facilitates large-scale transactions while managing vast amounts of sensitive user data. This reliance on digital infrastructures, however, exposes the platform to escalating cyber threats that jeopardize both operational continuity and consumer trust. This study evaluates Tokopedia’s cybersecurity strategies by applying the Risk Assessment Framework derived from ISO 27001 and ISO 31000. Using a qualitative descriptive design, the research draws exclusively on secondary sources such as peer-reviewed journals, industry reports, and case studies published between 2015 and 2025. The analysis identifies five dominant risks: large-scale data breaches, phishing and identity theft, ransomware attacks, insider threats, and system misconfigurations. Risk assessment results indicate that data breaches pose the most critical threat, with phishing and ransomware classified as medium but persistent risks. Tokopedia has implemented several protective measures, including encryption, multi-factor authentication, e-KYC verification, and privacy policies. Nevertheless, gaps remain in governance, routine audits, and employee awareness, leaving the platform vulnerable to recurring incidents. A comparative analysis with global platforms highlights the importance of proactive governance, systematic risk documentation, and continuous training, areas where Tokopedia is still underdeveloped. The findings underscore that cybersecurity should be recognized not merely as a technical safeguard or financial burden but as a strategic investment essential for resilience, consumer confidence, and sustainable growth in Indonesia’s competitive digital economy.
- New
- Research Article
- 10.35940/ijitee.a1195.14121125
- Nov 30, 2025
- International Journal of Innovative Technology and Exploring Engineering
- Sree Vidya Venigalla + 1 more
The dark web is a hidden part of the internet that allows users to communicate securely and anonymously, often using applications such as Tor. This paper specifically addresses the use of Elliptic Curve Cryptography (ECC) for enhanced security within a dark web context, where, although traditional cryptographic algorithms such as RSA possess unassailable cryptographic value, they are often computationally inefficient for non-standard computing environments and do not scale well. We compare ECC and RSA performance in terms of key generation time, encryption/decryption time, and memory usage, and find that ECC outperforms RSA across all metrics in challenging, limited-resource networks. In our testing, we simulate the real-world operational environment of anonymizing networks by using test messages and message flow logs that are anonymized. We demonstrate the relative improvements in computational time and memory usage of ECC over RSA while maintaining equivalent cryptographic strength. Using these results, we create an integrated multi-layered security construct, which uses ECC, evaluates and classifies threat information using machine learning methods to detect anomalies in near real-time, and constructs a blockchain model to allow decentralized audit trail tracking, resulting in a substantially enhanced security and privacy solution to address the unique requirements of anonymous communication in a dark web environment. This study helps to address the lack of empirical evaluations of ECC in dark web contexts, presenting a practical roadmap for implementing innovative cryptographic and analysis protocols for digital anonymity. Various outcomes support the efficacy of pairing lightweight encryption with intelligent behavioural analytics to counter evolving cyber threats. The framework provides a scalable, flexible, and consistently relevant option for countering a rapidly changing threat while enabling future work on post-quantum cryptography.
- New
- Research Article
- 10.30574/wjarr.2025.28.2.3833
- Nov 30, 2025
- World Journal of Advanced Research and Reviews
- Olubukola Sanni
The rapid digital transformation of global taxation systems has significantly enhanced administrative efficiency, taxpayer convenience, and real-time revenue monitoring. However, this increasing reliance on digital platforms has concurrently exposed taxpayer information to heightened cybersecurity risks. Tax authorities worldwide now confront sophisticated cyber threats such as phishing, ransomware, identity theft, and large-scale data breaches that exploit vulnerabilities in e-filing systems, digital communication channels, and third-party tax service providers. Such incidents not only compromise the confidentiality and integrity of sensitive taxpayer data but also undermine public trust, national financial security, and compliance levels, particularly in highly digitized economies. This study examines the critical importance of cybersecurity within taxpayer data protection frameworks, focusing on key dimensions including risk assessment, technological safeguards, regulatory compliance frameworks, and incident response capabilities. It also explores emerging innovations—such as Zero-Trust architectures, AI-driven threat detection, blockchain-based audit trails, and advanced encryption standards—that are reshaping the security posture of tax administrations. Moreover, the research highlights the role of stakeholder collaboration and taxpayer awareness in mitigating human-centric vulnerabilities, often regarded as the weakest link in cybersecurity ecosystems.
- New
- Research Article
- 10.9734/ajrcos/2025/v18i12789
- Nov 29, 2025
- Asian Journal of Research in Computer Science
- Md Imran Khan
The key infrastructure systems found throughout the U.S.—energy, transportation, healthcare, and water systems—are becoming ever more dependent on connected virtual online networks, increasing their vulnerability to both more ubiquitous and more sophisticated cyber threats. Traditional security measures are unable to adapt to the volume, velocity, and variety of data generated by today’s cyber-attacks. This paper offers a Big Data-Driven Cyber Threat Intelligence Framework (BD-CTIF) that simultaneously takes advantage of real-time networking and IoT data sharing, distributed analytics, and AI-based anomaly detection at the speed of business to provide proactive threat intelligence for U.S. critical infrastructures. Tests showed low latency and high detection accuracy, demonstrating the framework's utility for protecting U.S. national critical infrastructure. The proposed BDA methods borrow from artificial intelligence (AI), machine learning (ML), and natural language processing (NLP), and then employ deep knowledge to sift massive data sets for anomalies and respond to potential threats with high accuracy. This paper reviews the interrelationship of machine learning, artificial intelligence, and biological warfare, with fresh insights into how these converge in relation to cyber security for critical infrastructures. A review of the advantages, challenges, and options for operational use is provided in the discussion. Ultimately, this work demonstrates unrealized potential in the areas of artificial intelligence (AI).
- New
- Research Article
- 10.23939/acps2025.02.146
- Nov 28, 2025
- Advances in Cyber-Physical Systems
- Mariia Kozlovska + 1 more
The article explores a hybrid framework for autonomous penetration testing that integrates Large Language Models (LLMs) with Markov decision processes (MDP/POMDP) and reinforcement learning (RL). Conventional penetration testing is increasingly insufficient for modern, complex cyber threats. LLMs are utilized for high-level strategic planning, generating potential attack paths, while MDP/POMDP models combined with RL execute low-level actions under uncertainty. A feedback loop allows outcomes to refine strategies in dynamic and partially observable environments. A conceptual hybrid architecture has been proposed, accompanied by a workflow diagram and an illustrative table showing potential decision outcomes. This paradigm enhances automation, adaptability, efficiency, and scalability, providing a pathway toward next-generation AI-driven cybersecurity assessment tools.
- New
- Research Article
- 10.23939/acps2025.02.158
- Nov 28, 2025
- Advances in Cyber-Physical Systems
- Ruslan Zapukhlyak + 6 more
The article discusses modern information security technologies in distributed and asymmetric systems, as well as problems arising from their implementation in the context of growing cyber threats. An analysis of cryptographic methods, authentication systems, access control, and intrusion detection has been provided. Particular attention has been paid to the limitations of existing technologies and promising areas for their improvement, in particular the use of machine learning methods, blockchain technologies, and the Zero Trust concept. The importance of adaptive cyber defense models for ensuring the resilience of distributed and cyber-physical systems has been emphasized. A software model of a steganography channel using the ElGamal asymmetric algorithm has been implemented.
- New
- Research Article
- 10.55041/ijsrem54558
- Nov 26, 2025
- International Journal of Scientific Research in Engineering and Management
- Priti Mule
The world is witnessing a significant rise in cybersecurity incidents driven by increasingly sophisticated threats, rapid growth in digital connectivity, and persistent human vulnerabilities. Although advanced security technologies are being developed and many nations and international organizations continue to establish cybersecurity frameworks, a considerable gap remains between cybersecurity awareness and the actual secure behaviors practiced by users. This paper examines the state of cybersecurity awareness through three interconnected dimensions: human, technical, and policy. The study identifies key human factors, such as susceptibility to social engineering, poor cyber hygiene practices, limited security knowledge, and weak organizational security culture, as major contributors to cybersecurity risks. It further analyzes the technical aspects of cybersecurity, highlighting common attack vectors, shortcomings in digital infrastructure, and the growing need for resilient and adaptive security architectures capable of addressing evolving threat landscapes. At the policy level, the research evaluates national cybersecurity strategies, compliance frameworks, regulatory guidelines, and awareness initiatives that aim to strengthen digital resilience. Keywords: Cybersecurity Awareness, Human Factors, Cyber Hygiene, Social Engineering, Technical Vulnerabilities, Cyber Threats, Security Infrastructure, National Cybersecurity Strategies, Cyber Policies, Cyber Resilience, Data Breaches, Risk Management, Security Training, Cybersecurity Culture, Digital Safety.
- New
- Research Article
- 10.55041/ijsrem54529
- Nov 26, 2025
- International Journal of Scientific Research in Engineering and Management
- Dr Rupali Kalekar + 2 more
Smart home technology has grown quickly, and many households now rely on IoT devices such as smart speakers, security cameras, connected lights, and home appliances. While these devices make daily living simpler and more efficient, they also open new doors for cyberattacks. Even a small security weakness—like a weak password or outdated firmware—can allow someone to access personal information or control home devices without permission. Because of this, understanding how secure these devices truly are has become an important topic for both users and developers. This research focuses on examining the security level of popular IoT devices used in smart homes. It looks at common issues including unsecured communication, poor authentication methods, and lack of timely updates. The study also evaluates how easily these devices can be targeted and what types of threats they are most vulnerable to. To support the analysis, information is collected through hands-on testing, user surveys, and review of security guidelines. The findings show that although IoT devices offer great convenience, many of them still do not meet basic security standards, mainly due to user negligence and limited built-in protection. The study concludes that improving device security requires stronger default settings, regular updates, better encryption, and increased awareness among users. By combining secure design with responsible usage, smart homes can become safer and more reliable for everyday life. Keywords: Smart Home Security, IoT Devices, Cyber Threats, Privacy Risks, Device Vulnerabilities, Home Network Protection.
- New
- Research Article
- 10.11648/j.iotcc.20251304.13
- Nov 26, 2025
- Internet of Things and Cloud Computing
- Boye Frederick + 1 more
The Industrial Internet of Things has enhanced automation, real-time monitoring, and predictive decision-making in modern industries. This study uses mixed research methods (qualitative and quantitative). However, the growing connectivity of industrial IoT systems has exposed them to severe cyber threats such as ransomware, MitM, and DDoS attacks, which can disrupt critical operations and compromise safety. Conventional Intrusion Detection Systems (IDS) often face limitations in achieving high accuracy, rapid detection, and low latency while minimizing false alarms. This study proposes a CNN-Fuzzy Logic hybrid model for real-time intrusion detection and prevention in industrial IoT environments. Convolutional Neural Networks (CNN) are employed to extract deep hierarchical features from industrial IoT traffic, while fuzzy logic is integrated to enhance decision-making under uncertainty and reduce false positives. The model was trained and evaluated using Kaggle cybersecurity datasets containing ransomware, MitM, and DDoS attacks. Performance evaluation demonstrates that the CNN-Fuzzy IDS achieves an accuracy of 92.5%, a detection rate of approximately 93%, a false positive rate (FPR) of 2.51%, and a reduced latency averaging 7.14% of total latency (corresponding to 1.207 µs average latency), which is acceptable for most industrial IoT applications. These results highlight the effectiveness of hybrid intelligent systems in enhancing the resilience and reliability of industrial IoT cybersecurity. The proposed model provides a promising pathway for deploying scalable, adaptive, and real-time IDS solutions in critical industrial infrastructures. Regarding system computational overhead, researchers should employ a minimum practical setup with a modern multi-core CPU, 8–16 GB RAM, an SSD, and a stable OS (Windows 10 only if the hardware is modern), or run a lightweight Linux on the edge device and offload heavy tasks elsewhere. Future research should also focus on optimizing hybrid ML architectures for low-resource performance metrics to enable deployment on resource-constrained industrial IoT devices, integrating the approach for threat detection, and expanding evaluation to real-world industrial environments.