vulnerabilitymanagement (3)

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code.  That reality is on full display this month, with some of the more widely used software makers, including Apple, Google, Microsoft, Mozilla, and Oracle, fixing near-record volumes of security bugs and/or quickening the tempo of their patch releases.[1]

As it does on the second Tuesday of every mon

The US federal government is rethinking how to support its globally adopted vulnerability tracking ecosystem after years of backlogs, funding scares, and growing doubts about whether the existing model can scale as vulnerability disclosures continue to accelerate.  At the center of that ecosystem, there are two distinct but interdependent components.  The Common Vulnerabilities and Exposures program, operated by Mitre, assigns standardized identifiers to software flaws.  The National Vulnerabili

2025 marked yet another busy year in security, between big attacks, government shakeups, and dangerous flaws that echo the past.  The moments that defined this year were impactful but felt evenly spread across the year.  Early in 2025, we observed the China-nexus advanced persistent threat (APT) Salt Typhoon continuing its assault against telecom companies as part of its espionage operations.  In the summer and into the fall, we saw the Cybersecurity and Infrastructure Security Agency (CISA)