Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

vulnerability management

Linux
Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable …

Firefox
Claude Mythos finds 271 Firefox flaws, Mozilla believes it shifts security toward defenders

The Mozilla Foundation tested Claude Mythos, an Anthropic AI model that has stirred debate in the cybersecurity community. Before granting access to Mythos, Mozilla scanned …

NIST NVD
NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most …

Art Manion
Fixing vulnerability data quality requires fixing the architecture first

In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The …

Alec Summers
The case for fixing CWE weakness patterns instead of patching one bug at a time

In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability …

open source
Open-source security debt grows across commercial software

Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk …

Claude Code Security
Claude Code scans, verifies, and patches code vulnerabilities

Anthropic brings Claude Code Security to Claude Code on the web through a limited research preview. Claude Code Security (Source: Anthropic) Claude Code Security analyzes code …

GitHub
In GitHub’s advisory pipeline, some advisories move faster than others

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those …

CISA
Don’t panic over CISA’s KEV list, use it smarter

In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security …

Java
Java security work is becoming a daily operational burden

Security teams in large enterprises already spend significant time tracking vulnerabilities across software supply chains, third-party libraries, and internal codebases. Java …

idea
The hidden cost of putting off security decisions

In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay …

vmware
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools