Month: December 2025

NIST IR 8597: Publication of Interagency Report on Cloud Token and Assertion Protection

Executive Summary: On December 22, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) published the initial draft of interagency report IR 8597 “Protecting Tokens and Assertions from Forgery, Theft, and Misuse”. This document is subject to public consultation until January 30, 2026, with comments submitted to…

Top 25 CWE 2025 – Technical Analysis

Executive Summary: The 2025 CWE Top 25 by MITRE highlights the most prevalent and dangerous software weaknesses, derived from an analysis of 39,080 CVE records published between mid-2024 and mid-2025. These weaknesses – often easy to find and exploit – account for a large share of critical vulnerabilities that enable adversaries to fully compromise systems,…

Pro-Russia Hacktivists: Opportunistic Attacks Against US and Global Critical Infrastructure

CISA, FBI, NSA and 23 international partner organizations published a joint advisory on December 9, 2025, detailing the activities of pro-Russia hacktivist groups targeting industrial control systems and critical infrastructure in the United States and globally. This publication follows Operation Eastwood conducted by the European Cybercrime Centre and the joint fact sheet of May 6,…

Microsoft Patch Tuesday, December 2025.

Total vulnerabilities fixed: Microsoft’s December 2025 Patch Tuesday addresses 57 security flaws. Among these, 3 vulnerabilities are rated Critical (all remote code execution issues), with the remainder classified as Important (none are labeled as Moderate or Low this month). Note that Microsoft Edge updates (15 vulnerabilities) are not included here, as Edge was updated earlier…