A Veracode study of over 100 large language models (LLMs) across 80 coding tasks found only about 55% of AI‑generated code passed security scans — even though over 90% now compile without error. Java was especially problematic, with a vulnerability rate above 45%, while developers also encountered frequent issues like …
Continue Reading
Microsoft and CrowdStrike have launched a joint initiative to harmonize the naming of cyber threat groups, aiming to reduce confusion caused by differing labels across security vendors. By publishing a mapping of over 80 threat actor aliases, such as aligning Microsoft's "Canary Typhoon" with CrowdStrike's "Circuit Panda," they seek to …
Continue Reading
I wrote four articles this week. The Charming Kitten-related cyber-espionage group, linked to Iran's Mint Sandstorm APT, is reportedly posing as legitimate journalists and researchers to gather intelligence on the Israel-Hamas war, showcasing a sophisticated method of targeting educators and researchers. I also covered the rise in cyberattacks, which is …
Continue Reading
I just had a couple of article publish this week. The interest in passkeys seems high, so I explored what developers need to be doing to implement passkeys. In addition to that, I covered the likely impact of the settlement of Merck's cyber insurance providers with the pharmaceutical company.
I'm taking the week off, but a couple of my articles written last week ended up publishing during the break. The chasm between what businesses are willing to pay cybersecurity-skilled workers (and their expectations of what skills a worker has) continues to crash into what workers think they are worth …
Continue Reading