The Cybersecurity and Infrastructure Security Agency (CISA) invites feedback on its new guidance addressing “Product Security Bad Practices.” This guidance identifies security practices in product design and deployment that increase vulnerability to cyber threats. By highlighting and mitigating these bad practices, CISA aims to strengthen security standards across products and systems. Researchers, industry experts, and government stakeholders are encouraged to review the document and contribute comments to shape effective, secure product development practices.

The newly released 2025 RSA ID IQ Research Report provides in-depth insights into identity security trends, challenges, and innovations shaping the cybersecurity landscape. This comprehensive report explores how organizations can strengthen their identity and access management strategies to counter evolving threats. For researchers and cybersecurity professionals, the findings offer valuable data on the latest best practices, risk mitigation techniques, and technology advancements in identity security. Access the full report to stay informed on key developments impacting the field.

A recent incident involving pager system vulnerabilities highlights critical lessons for modern supply chain security. Hackers exploited an outdated pager network used by hospital staff, exposing sensitive information and underscoring the importance of updating legacy technology. This breach reveals potential risks when outdated systems are integrated into critical supply chains, emphasizing the need for continuous monitoring and timely modernization.

At the recent Singapore International Cyber Week, cybersecurity experts stressed the urgency of addressing the unique security challenges posed by the rapid adoption of artificial intelligence (AI). Discussions highlighted the potential risks of data poisoning, adversarial attacks, and model integrity issues, emphasizing the need for a multi-layered, cooperative approach to safeguard AI systems.

In a promising development for cybersecurity testing, a Central Michigan University undergraduate is pioneering the use of artificial intelligence to simplify testing processes for software vulnerabilities. This innovative approach focuses on applying machine learning to automate and expedite vulnerability testing, potentially enhancing efficiency in cybersecurity workflows. The project highlights how AI can be leveraged to tackle complex cybersecurity challenges and underscores the importance of fostering new talent in the field.

Vijay Varadharajan, Uday Tupakula, and Kallol Krishna Karmakar's recent publication, Techniques for Enhancing Security in Industrial Control Systems (ACM Trans. Cyber-Phys. Syst., 2024), explores the challenges and solutions for securing Industrial Control Systems (ICS), which are increasingly connected to the Internet for greater efficiency. The paper introduces a software-enabled security architecture that leverages Software Defined Networking (SDN) and Network Function Virtualisation (NFV) to enhance real-time situational awareness and dynamic decision-making.

Saloni Kwatra, a doctoral student at Umea University, has identified flaws in the technology known as "federated learning" or "collaborative learning" and developed new algorithms to bolster user security. When visiting a doctor, information such as medication prescriptions, X-rays, and genetic tests are recorded to help the physician. In these cases, federated learning reduces the risk of exposing sensitive data as the technology enables multiple devices to work together without sharing actual data with each other.