Realize the value of AI with Microsoft 365
AI moves quickly, and IT leaders are looking for ways to keep pace. As you go from experimentation to adoption, expand your AI capabilities while prioritizing security and governance. In the e-book, Powering Frontier Transformation with Intelligence and Trust, you’ll explore how to bring AI, agents, and enterprise-grade security into everyday work. Get the e-book …
Continue reading Realize the value of AI with Microsoft 365Wed, 13 May 2026 14:54:47 +0000
Interesting Read: Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel’s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page …
Continue reading Interesting Read: Copy Fail: 732 Bytes to Root on Every Major Linux DistributionFri, 01 May 2026 15:21:13 +0000
Careful Adoption of Agentic Artificial Intelligence Services
The Cybersecurity and Infrastructure Security Agency (CISA) along with Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), National Security Agency (NSA), Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK) released this Joint Guidance which discusses key cybersecurity challenges and risks associated with the …
Continue reading Careful Adoption of Agentic Artificial Intelligence ServicesFri, 01 May 2026 15:13:42 +0000
These As-A-Service Models Are Getting Out of Hand
Image Source: Checkpoint There has been a massive increase in the availability, variety, and adoption of Cybercrime-as-a-Service (CaaS) tools. These services offer potential bad actors a low-cost, low-barrier entry into cybercrime by providing rentable, user-friendly tools and infrastructure for launching cyberattacks. Customer support is often included, allowing affiliates (cybercriminals) who rent these services to reach …
Continue reading These As-A-Service Models Are Getting Out of HandThu, 30 Apr 2026 18:01:12 +0000
Join NIST to Develop the Data Governance and Management Profile!
NIST is pleased to host a virtual Working Session 2 on Thursday, May 14, 2026, at 1:00 PM Eastern / 10:00 AM Pacific to shape the NIST Data Governance and Management (DGM) Profile. NIST invites the public to a collaborative engagement to further shape the development of the Profile, a tool under development to support …
Continue reading Join NIST to Develop the Data Governance and Management Profile!Thu, 30 Apr 2026 17:58:30 +0000
Good News – Starting in mid-April 2026, customers running Windows Server 2022 and Windows Server 2019 will have the ability to opt-in to the Windows Server 2025 feature update from the Settings Dialog.
This capability allows customers who want to in-place upgrade their servers to Windows Server 2025 to upgrade using the Windows Update service, and without the need for Windows Server 2025 physical media. On the Windows Server team, we aim for 100% application compatibility, and we are confident that most applications and services will continue to …
Continue reading Good News – Starting in mid-April 2026, customers running Windows Server 2022 and Windows Server 2019 will have the ability to opt-in to the Windows Server 2025 feature update from the Settings Dialog.Wed, 29 Apr 2026 21:17:14 +0000
NICE Releases NICE Framework Components v2.2.0
NICE is pleased to announce the release of NICE Framework Components v2.2.0. The NICE Workforce Framework for Cybersecurity (NICE Framework) establishes a standard approach and common language for describing cybersecurity work and individual capabilities. NICE Framework Components include Work Role Categories, Work Roles, Competency Areas, and Task, Knowledge, and Skill (TKS) statements as well as …
Continue reading NICE Releases NICE Framework Components v2.2.0Tue, 28 Apr 2026 19:02:16 +0000
NIST Understanding Verifiable Digital Credential Issuance
In our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can function without an issuance process. This blog post explores what it takes to …
Continue reading NIST Understanding Verifiable Digital Credential IssuanceTue, 28 Apr 2026 19:00:25 +0000
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create …
Continue reading Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOWTue, 28 Apr 2026 18:59:19 +0000
A Vulnerability in OpenSSH Could Allow for Authentication Bypass – PATCH NOW
A vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secdure Shell) is an open-source suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over unsecured networks in a client-server architecture, primarily used for remote login and secure file transfers. Successful exploitation of the vulnerability could …
Continue reading A Vulnerability in OpenSSH Could Allow for Authentication Bypass – PATCH NOWTue, 28 Apr 2026 18:58:18 +0000