Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. * Mozilla Firefox is a web browser used to access the Internet. * Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. * Mozilla Thunderbird is an email …
Continue reading Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOWTue, 21 Apr 2026 19:13:16 +0000
NIST Releases Draft SP 800-133 Revision 3 for Comment
Recommendation for Cryptographic Key Generation | NIST Releases Draft SP 800-133 Revision 3 for Comment The initial public draft (ipd) of NIST Special Publication (SP) 800-133r3 (Revision 3), Recommendation for Cryptographic Key Generation, is available for public comment. This document describes the generation of keys to be managed and used by approved cryptographic algorithms. Proposed …
Continue reading NIST Releases Draft SP 800-133 Revision 3 for CommentTue, 21 Apr 2026 17:43:52 +0000
Registration Open | Security Copilot Skilling Series
Security Copilot Skilling Series | Getting started with Security Copilot Thursday April 23, 2026 | 8:00AM (PST, Redmond Time) Description: New to Security Copilot? This session walks through what you actually need to get started, including E5 inclusion requirements and a practical overview of the core experiences and agents you will use on day one. …
Continue reading Registration Open | Security Copilot Skilling SeriesTue, 21 Apr 2026 17:42:59 +0000
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updated Foundational Activities for IoT Product Manufacturers
NIST has updated its guidelines for manufacturers developing IoT products to better incorporate cybersecurity activities into the development process. Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing …
Continue reading Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updated Foundational Activities for IoT Product ManufacturersTue, 21 Apr 2026 17:41:32 +0000
NIST Live Document on Secure Software Development Practices
The NIST National Cybersecurity Center of Excellence (NCCoE) is seeking your feedback on a newly released live document that demonstrates how organizations can implement the security practices and tasks recommended in the NIST Secure Software Development Framework (SSDF) using modern DevSecOps pipelines and commercially available technology. The live document is open for public comment through …
Continue reading NIST Live Document on Secure Software Development PracticesTue, 21 Apr 2026 17:40:43 +0000
Supply Chain Compromise Impacts Axios Node Package Manager
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments. On March 31, two npm packages for versions axios[@]1.14.1 and axios[@]0.30.4 …
Continue reading Supply Chain Compromise Impacts Axios Node Package ManagerTue, 21 Apr 2026 17:39:44 +0000
NIST NCCoE Cyber AI Profile Virtual Working Sessions
As a follow-up to our January workshop and in-depth comments from the community, the NIST NCCoE is planning a series of virtual working sessions as targeted discussions to further refine the NIST Cybersecurity Framework (CSF) Cyber Artificial Intelligence (AI) Profile (“Cyber AI Profile”). We encourage you to register for each of the session topics you’re …
Continue reading NIST NCCoE Cyber AI Profile Virtual Working SessionsTue, 21 Apr 2026 17:38:44 +0000
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create …
Continue reading Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOWFri, 10 Apr 2026 21:06:25 +0000
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), and United States Cyber Command – Cyber National Mission Force (CNMF), hereafter referred to as the authoring agencies, have released a Joint Cybersecurity Advisory urgently warning US organizations of ongoing cyber …
Continue reading Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical InfrastructureFri, 10 Apr 2026 21:04:52 +0000
Keeping Children Safe Online
Early exposure to technology isn’t just possible; it’s inevitable. The inclusion of technology in classrooms and social pressures from peers create a boiling pot of potential, both good and bad. Conversations about internet safety should happen early and often, and both children and parents should maintain an open dialogue to promote safe internet use. Different …
Continue reading Keeping Children Safe OnlineThu, 26 Feb 2026 18:23:16 +0000