As Vulncon was coming to a close, I sat down with Chris Gibson, the CEO of FIRST, to talk about the state of vulnerability research, Anthropic's and OpenAI's new "cyber" models and the relief of seeing ENISA & CISA team up in the CVE program.
www.infosecurity-magazine.com/interviews/f...
Posts by Kevin Poireault
INTERVIEW - Walt Powell, Lead Field CISO at CDW, explains what one skill modern CISOs should prioritize: mastering risk quantification to secure board buy-in and budget.
www.infosecurity-magazine.com/interviews/c...
Faced with an explosion of vulnerability reporting, NIST's NVD is taking a new risk-based approach to enriching CVEs.
This implies bold moves, including the NVD dropping enrichment for all vulnerabilities reported before March 1, 2026.
www.infosecurity-magazine.com/news/nvd-enr...
NEW - ENISA is strengthening its ties with US-funded @cveprogram.bsky.social.
The European agency is being onboarded by CISA to become a Top-Level Root CVE Numbering Authority (TL-Root CNA).
www.infosecurity-magazine.com/news/enisa-e...
NEW - AI companies like OpenAI and Anthropic should play a bigger role in software vulnerability disclosures and the CVE program in the future, according to CISA. @firstdotorg.bsky.social #VulnCon26
www.infosecurity-magazine.com/news/ai-comp...
While the Telegram app is 95% blocked in Russia, according to @ooni.org, and in several Iraqi cities, @proton.me has recorded a 1,200% surge in sign-ups to its VPN services in the Middle Eastern country, a record.
coupecircuit.substack.com/p/telegram-n...
Three high-profile journalists in Egypt and Lebanon have been targeted by a spear-phishing campaign likely tied to Bitter, a South Asian cyber espionage group also known as T-APT-17 and APT-C-08.
www.infosecurity-magazine.com/news/middle-...
NEW - A large-scale network of internet routers compromised by Russian hacking group APT28 to harvest credentials from victims of intelligence value has been taken down in the US. @thejusticedept.govmirrors.com @threatintel.microsoft.com
www.infosecurity-magazine.com/news/us-thwa...
NEW - Russian hacking group APT28 has been exploiting vulnerable internet routers to redirect traffic through attacker-controlled servers and steal credentials from targeted organizations, @ncsc.gov.uk has warned.
www.infosecurity-magazine.com/news/russia-...
Two pro-Kremlin media outlets report that the Russian government is preparing to tighten operating requirements for internet service providers in order to eliminate, or better control, small local operators.
www.coupecircuit.org/courts-circu...
‘Vibe coding’ is accelerating dev speeds, but it’s also opening new security backdoors 🚀💻
I spoke with experts from @aikidosecurity.bsky.social, Neural Trust and more for Infosecurity Magazine to break down how CISOs can secure AI-assisted engineering.
www.infosecurity-magazine.com/news-feature...
The year 2025 once again broke records for internet shutdowns, with 313 such incidents in 52 countries, according to the new report by @accessnow.org and the #KeepItOn coalition.
They sadly surpass the previous records of 2024 (304) and 2023 (289).
www.coupecircuit.org/2025-nouvell...
🚨 A critical vulnerability in Citrix's NetScaler Application Delivery Controller (ADC) and NetScaler Gateway is being exploited in the wild, security researchers from watchTowr and Defused have confirmed.
www.infosecurity-magazine.com
VulnWatch Friday: CVE-2026-32628 🔓
Aviral Srivastava has discovered a high-severity vulnerability in Mintplex Labs' AnythingLLM, an application that turns pieces of content into context that any LLM can use as references during chatting.
🔧 Fix: github.com/Mintplex-Lab...
The UK government has sanctioned China-based company Xinbi, described as one of the largest illicit online cryptocurrency marketplaces, as well as associated entities and individuals accused of links with scam compounds in Southeast Asia.
www.infosecurity-magazine.com/news/uk-sanc...
This article by @masnick.com is on target.
As another pre-www tech person, AI coding is inspiring me to make all kinds of things.
www.techdirt.com/2026/03/25/a...
NEW - Vibe coding tools are flooding software with new vulnerabilities, @georgiatechai.bsky.social researchers have warned.
I spoke to Hanqing Zhao, founder of the Vibe Security Radar, about the future of AI coding tool-induced vulnerabilities.
www.infosecurity-magazine.com/news/ai-gene...
NEW - OpenAI has launched a new Safety Bug Bounty program to encourage disclosures of issues in its products that pose “meaningful abuse and safety risks, even if they don’t meet the criteria for a security vulnerability.” @bugcrowd.com
www.infosecurity-magazine.com/news/openai-...
The US Federal Communications Commission bans foreign-made internet routers over national security concerns.
The ban means that all such routers made in foreign countries, not just a few select Chinese vendors, are now placed on the FCC’s covered list.
www.infosecurity-magazine.com/news/us-fcc-...
At @rsaconference.bsky.social, the head of the @ncsc.gov.uk urged the cybersecurity industry to develop vibe coding safeguards.
www.infosecurity-magazine.com/news/rsac-uk...
VulnWatch Monday: CVE-2026-22172 🔓
🦞 Yekai Chen (aka LUOYEcode) has detected a critical vulnerability affecting @openclaw-x.bsky.social versions prior to 2026.3.12.
🔧 Fix in OpenClaw 2026.3.12.
🔎 GitHub advisory: github.com/openclaw/ope...
🐞 VulnCheck advisory: www.vulncheck.com/advisories/o...
💾 View JSON: cveawg.mitre.org/api/cve/CVE-...
Critical Zero-Click Flaw in n8n Allows Full Server Compromise
Researchers at Pillar Security have found two new critical vulnerabilities in self-hosted and cloud n8n deployments, including CVE-2026-27493 ⤵️
www.infosecurity-magazine.com/news/critica...
What CISOs Should Know (And Do) About OpenClaw
OpenClaw has exploded onto the scene and governments are already slamming on the brakes. I spoke to experts to explore what CISOs should do to contain its vulnerabilities.
www.infosecurity-magazine.com/news-feature...
Listen to the podcast on:
🟢 Spotify: open.spotify.com/episode/1ZtD...
🍎 Apple Podcast: podcasts.apple.com/gb/podcast/e...
🟠 SoundCloud: soundcloud.com/user-4601624...
📻 Any other platform: feeds.soundcloud.com/users/soundc...
Exclusive Interview with OpenClaw's Security Advisor
@openclaw-x.bsky.social's weak spots have not gone unnoticed and Jamieson O'Reilly was among the first to call them out. Now, he’s been appointed its security representative.
🎧 www.infosecurity-magazine.com/podcasts/exc...
In a soon-to-be released interview, Jamieson O'Reilly, OpenClaw’s security advisor, warned that we need to develop more ways to “scan AI tools” for detecting “human-language malware.”
With the Promptfoo acquisition, OpenAI now wants to do just that.
www.infosecurity-magazine.com/news/openai-...
VulnWatch Monday: CVE-2026-27944 🔓
A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. It affects all versions before 2.3.2.
VulnWatch Monday: CVE-2025-71210 🔓
Trend Micro has issued patches addressing several vulnerabilities in Apex One, with severity levels ranging from high to critical.
Some of the issues impact the management console and could potentially allow RCE.
success.trendmicro.com/en-US/soluti...