Cybersecurity Landscape

NIST’s post-quantum cryptography standards are finalized, and the migration timeline is no longer theoretical — it’s operational.

CISA’s Secure by Design initiative is moving from voluntary pledges to measurable industry impact, and software vendors are starting to feel the pressure.

The EU’s latest push to scan encrypted messages reignites the fundamental debate about whether governments can mandate backdoors without destroying security for everyone.

A chain of vulnerabilities in CUPS, the Linux printing system, enables remote code execution — and highlights how forgotten infrastructure becomes a security liability.

NIST has published its first three finalized post-quantum cryptography standards. Here’s what developers need to know and do.

A faulty CrowdStrike Falcon sensor update has caused one of the largest IT outages in history, bricking millions of Windows machines worldwide.

CVE-2024-6387 reveals a critical remote code execution flaw in OpenSSH, and it’s a regression from a fix made back in 2006.

Microsoft pulls Windows Recall from the upcoming Copilot+ PC launch after security researchers demonstrate alarming vulnerabilities in the feature’s data storage.

RSA Conference 2024 kicks off in San Francisco with AI dominating every conversation. But beneath the marketing buzz, there are real security challenges emerging that practitioners need to face.

Researchers disclose the Terrapin attack against SSH, demonstrating that even our most trusted protocols can harbor subtle cryptographic weaknesses.

Google enables passkey sign-in for all Google Accounts, marking the most significant push yet toward a passwordless future built on FIDO2 and WebAuthn.

The Biden administration’s new cybersecurity strategy shifts liability toward software vendors, and developers need to pay attention.