• CVE volumes head towards 50,000 in 2025, analysts claim
    www.computerweekly.com
    A heady mixture of converging trends is likely to cause the volume of disclosed common vulnerabilities and exposures (CVEs) to hit at least 45,000 and possibly even as high as 50,000 during 2025, setting a new world record.
    This is according to the Forum of Incident Response and Security Teams (First), a security non-profit organisation based in North Carolina in the US, which said this figure was about 11% higher than in 2024, and almost six times higher in 2023. It said this underscores the growing complexity of the security landscape, and means organisations must start to think more about their risk prioritisation and mitigation strategies.
    "The number of reported vulnerabilities isn't just growing, it's accelerating," said Eireann Leverett, First liaison and lead member of its Vulnerability Forecasting Team. "Security teams can no longer afford to be reactive; they must anticipate and prioritise threats before they escalate."
    First's analysts attributed this surge to a number of factors, shifting technological mores, disclosure policy changes and worldwide geopolitical chaos among them.
    "A combination of new players in the CVE ecosystem, evolving disclosure practices, new disclosure legislation in Europe, and a rapidly expanding attack surface is fuelling this surge," said Leverett.
    Most importantly, on the tech side, the rapid adoption of open source software (OSS) and the use of artificial intelligence (AI) tools to aid in vulnerability discovery was surfacing more flaws, and making it easier to spot them.
    Added to this, new contributors to the CVE ecosystem, such as Linux and Patchstack, are also having an effect on discovery volumes, and updates to how vulnerabilities are assigned and reported, coupled with some funding challenges, are altering disclosure patterns.
    And a growing amount of state-sponsored cyber activity by government-run actors (often but not necessarily always Chinese, Iranian or Russian ones) is leading to more weaknesses being uncovered and exploited.
    In terms of the types of CVEs being seen, First noted that memory safety vulnerability volumes are currently declining, while conversely, cross-site scripting (XSS) vulnerabilities seem to be on the up.
    Looking ahead, Leverett said he anticipated further growth in 2026, with an estimated minimum volume of just under 51,300 CVEs expected to surface.
    He said this emphasised the long-term challenges around vulnerability management best practice, and advised defenders to try to think about such things more strategically, rather than merely reacting to disclosures.
    What this means in practice is that security pros should prioritise vulnerabilities that pose the greatest risk of exploitation using threat intel and predictive insights rather than trying to patch everything everywhere all at once. At the same time, teams and resources can and should be scaled appropriately to optimise roll-out, and attack surface management.
    Planning here is key, said Leverett, and leaders should try to find ways of predicting patch effort in advance, including needed downtime.
    It may also be a good idea to prepare for changing disclosure trends, trying to anticipate surges in reports (this can be easily done around Microsoft's Patch Tuesday, although it may prove more challenging in general) and allocating resources based on this.
    It is far more important, said Leverett, to understand how a sequence of vulnerabilities might hit the organisation and impact the security team's work, rather than constantly being on the lookout for the next black swan vulnerability, like Citrix Bleed or Log4Shell.
    "Understanding the numbers is one thing, acting on them is what truly matters," he said. "Organisations that use this data to guide their security planning can reduce exposure, mitigate risk and stay ahead of attackers."
  • I tested MSI's new Windows handheld, and it could make my gaming laptop obsolete
    www.zdnet.com
    The MSI Claw 8 AI+ improves on its predecessor with surprisingly good battery life and a refreshing design.
  • Your Google Pixel Watch 3 is about to get a life-saving update - for free
    www.zdnet.com
    This might be the Pixel Watch 3's most important update yet -- and it brings something even the Apple Watch can't do.
  • Want To Reinvent Your Career? Stop Looking For A Job
    www.forbes.com
    You know a career change is coming. But you're stuck.
    You know what you don't want: maybe your job feels stale, your industry no longer excites you, or you crave more autonomy and impact.
    But what comes next? That's the part that feels unclear.
    Wouldn't it be easier if someone could just show you the way forward?
    The truth is, career reinvention doesn't work that way. But there is a way forward, one that doesn't involve forcing yourself into yet another job search that leads nowhere. Instead of looking for a job, start looking for possibilities.
    The Diamond Framework: A Map for Career Change
    To do that, you need to shift your thinking from job search to a discovery journey. Career transitions, especially in mid-life or beyond, aren't about finding the next box to fit into. They're about allowing space for something new to take shape.
    Think of your path as a diamond shape: first, you explore widely, then you narrow your focus as patterns emerge and opportunities align with your skills and passions. Unlike a straight career trajectory, the diamond path expands before it converges, reflecting the natural rhythm of exploration and clarity.
    Phase 1: Opening Up Without Limiting Yourself
    This first stage is about widening your view and exploring beyond familiar roles and industries. This is where the magic of exploration happens. It's not about rushing into job applications or searching for a title; it's about discovery.
    Four mindset shifts are needed here for you to really lean into possibilities:
    Don't limit yourself to a narrow profession or job title. Instead, let the opportunities surface around your strengths and aspirations. Instead of thinking, "I'm a marketing manager looking for another marketing role," ask, "What skills do I love using? What problems am I excited to solve?"
    Don't limit yourself to specific roles, industries, or formats. Instead, meet people across various fields, explore companies that pique your interest, even if you can't see how you would fit there. At this phase you don't need a reason to learn more, you just need your internal permission to explore. The goal isn't to find a role that fits your past; it's to explore what's next.
    Don't let "but" shut down opportunities. When you find yourself thinking, "I could explore consulting, but I've never done that before," stop. The word "but" shuts down possibilities. When it comes up, challenge yourself to move beyond the boundaries of what you think is possible. Instead of dismissing ideas with, "But I've never done that before," embrace the mindset of "I could explore consulting, and what would that look like?" This shift opens doors to opportunities you might never have imagined. Each encounter is a potential stepping stone, regardless of whether it fits a preconceived notion.
    Don't rule out different work formats. Your career can evolve beyond traditional employment. Say yes to unexpected opportunities: consulting, freelancing, or project-based work that could reveal new interests or strengths. Many career pivots begin with exploratory consulting or side projects that naturally evolve into full-time opportunities.
    Remember, this phase is about redefining your value on your own terms. What strengths and experiences do you want to carry forward? What are you ready to leave behind? Only by understanding your unique value can you move forward with intention, rather than falling back into familiar patterns that no longer serve you.
    The goal is to widen your view into new possibilities, areas that need your skills and match your passions but that are not within the narrow definition of how you call yourself professionally. That's why this phase of the journey isn't about immediate clarity but a broadening of horizons.
    Phase 2: Recognizing Natural Convergence
    This exploration feels scattered at first, but over time, patterns emerge.
    Certain industries, roles, or opportunities will feel more aligned with your strengths and interests. You'll notice that some conversations energize you. Specific challenges will keep capturing your attention. Perhaps your leadership, strategy, or creativity skills unexpectedly resonate in a new context, maybe a startup, a nonprofit, or a portfolio career that blends multiple roles.
    This is the narrowing phase of the diamond. The seemingly scattered explorations start to converge into a clearer direction. The opportunities that align with your strengths and aspirations will naturally rise to the surface, without forcing a decision.
    Clarity isn't something you chase; it emerges when the time is right. You'll know when the fog lifts and the right path becomes clear.
    Your Career Pivot Starts Here
    Career transitions, especially in mid-life or later, are not about rushing to find the next job title. They're about redefining yourself first, expanding your possibilities, and allowing convergence to happen naturally. By shifting your focus from job searching to discovery, you give yourself permission to explore without limits, uncover unexpected opportunities, and recognize the right path when it emerges. Instead of chasing clarity, you create the conditions for clarity to find you. And when it does, you won't have to force the next step; it will feel like the one you were meant to take.
  • The AI Advantage: How It Can Help Transform Your Small Business
    www.forbes.com
    If you start small and keep building, you'll find that AI isn't just another tool; it's a game-changer for your business.
  • www.techspot.com
    What just happened? The United States' relationship with the UK could come under further strain following news that US officials are investigating whether its ally broke a data treaty by demanding that Apple build a backdoor into iCloud.
    Last week, Apple removed its Advanced Data Protection feature for UK users. The extra layer of security encrypted synced iCloud content such as photos, notes, reminders, bookmarks, and iCloud backups so that only users could access it on trusted devices. Even Apple cannot decrypt customer accounts to access their data.
    The move came after Apple spent months denying the UK government's requests for the company to create a backdoor allowing agencies to snoop on users' encrypted data. The UK Home Office issued the technical capability notice under the Investigatory Powers Act of 2016, commonly referred to as the "Snoopers' Charter."
    Rather than complying, which would have had global implications regarding its security standards, Apple simply removed the Advanced Data Protection option for new UK users; existing ADP users will have to disable the feature manually during a grace period.
    Now, Reuters reports that in a letter to two US lawmakers, Tulsi Gabbard, the US director of national intelligence, said the US is examining whether the UK government had violated the Cloud Act.
    The Act states that the UK may not issue demands for data of US citizens, nationals, or lawful permanent residents, nor may it demand data from persons located inside the United States.
    In the letter, addressed to Oregon Democrat Ron Wyden, and Arizona Republican Rep. Andy Biggs, Gabbard wrote, "My lawyers are working to provide a legal opinion on the implications of the reported U.K. demands against Apple on the bilateral Cloud Act agreement."
    Apple has long fought against demands from law enforcement and governments if it feels that they threaten the security of Apple products.
    In 2023, Apple threatened to withdraw FaceTime and iMessage from the UK in response to a proposed change that would require it and other messaging services to clear new security features, including iOS updates, with the UK government before they are rolled out.
    The most famous instance came in 2016, when a judge ordered Apple to help the FBI access the locked iPhone that was owned by Syed Rizwan Farook, one of the San Bernardino shooters. Tim Cook refused, stating that building a version of iOS that bypasses several important security features to access the handset would undeniably create a backdoor.
    "If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data," Cook wrote at the time. "The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."
    Masthead: Daniel Romero
  • Ayaneo Flip PC handheld production canceled, backers given 30 days to claim refund
    www.techspot.com
    What just happened? Handheld gaming PCs might be incredibly popular right now, but that doesn't mean they'll all be successful. The clamshell-style Ayaneo Flip, for example, has been killed off, despite some backers of the crowdfunding campaign already having received their units. Those still waiting for one now have just 30 days to file for a refund.
    The Ayaneo Flip's crowdfunding campaign launched in January last year. Liliputing writes that the first units started shipping to backers a few months later, but more than a year after the campaign began, some backers still haven't received their handhelds and never will.
    Ayaneo has announced that after careful consideration and evaluation of its product roadmap and strategic priorities, there are currently no immediate plans to proceed with production of the Ayaneo Flip. The company said the move was necessary to ensure it focuses on delivering exceptional experiences through its existing and upcoming product lines.
    Those backers still waiting for one of the handhelds now have two options. They can either request a full repayment of the money they handed over, or they can switch their order to any equivalent Ayaneo product currently available, with price differences "settled accordingly."
    The announcement specifies that backers have 30 days (until Friday, March 28, 2025) to contact the customer service team to confirm their chosen option.
    The Ayaneo Flip was marketed as the first-ever dual-screen Windows handheld, with a 3.5-inch, 960 x 640 secondary touchscreen between the controllers for viewing system stats and more.
    The Flip features an AMD Ryzen 7 8840U or 7840U processor along with a seven-inch 1080p 120Hz IPS screen. RAM ranged from 16GB to 64GB, while storage went from 512GB to 2TB. There's also an M.2 2230 slot for a user-upgradeable PCIe 4.0 NVMe SSD.
    Another model featured a small RGB backlit keyboard in place of the smaller screen.
    The news is a reminder of the inherent risks that come when backing any project, even one from a company as well-established as Ayaneo.
    Reports this week indicate that approximately six million handheld gaming PCs have been sold since the Steam Deck's launch in 2022, with Valve's handheld accounting for over 3.7 million of those units.
  • BlueAnt's compact X5i party speaker offers 120-watts and two karaoke mics
    www.digitaltrends.com
    Bringing the party from Down Under, Australian audio company BlueAnt today has unveiled the X5i party speaker, a new portable that delivers 120 watts of sound, a built-in light show, and even includes two wireless microphones for karaoke. Priced at $270 and boasting up to 30 hours of battery life, the Aussies are betting that the combination of sound, lighting, and karaoke functionality will make the X5i a hit.
    Built for those looking for volume in a compact size (weighing under 10 pounds), the X5i's dual 2.3-inch tweeters and single 6.5-inch mid/bass driver combine with BlueAnt's psycho-acoustic bass tech, which BlueAnt says ensures a powerful and immersive sound experience. And if you want to dial up the low-end, a dedicated bass boost button offers an extra punch.
    The X5i isn't BlueAnt's first foray into the party speaker market, though. It joins the lineup as a smaller sibling to the more powerful, 160-watt BlueAnt X6, which goes for $479 in Australia (U.S. $303). While the more premium X6 aims for bigger power, the X5i looks to capture a wider audience with its more accessible price and shoulder-able form factor (if the marketing images are to be believed).
    The X5i isn't just about raw power, though; it's got a light show, too. Just like many party speakers on the market from competitors such as JBL and Soundcore, the X5i features seven vibrant lighting modes that sync to your music from the LEDs that are wrapped around the speaker's frame. Whether you want a subtle glow or a full-on strobe show, the X5i's lighting effects will turn any room into, well, a disco.
    Speaking of the competition, this is where BlueAnt might have a leg up on some of them: they've decided to throw in two wireless microphones. Karaoke fiends will for sure like not having to fork over extra cash to sing along to their favorite Sabrina Carpenter tunes. They charge directly from the speaker, so no scrambling for batteries when your rendition of Espresso demands an encore, and they boast 50 hours of playtime. BlueAnt says that their range will reach around corners, great for wandering around and working the crowd.
    Despite its power, the BlueAnt X5i is designed for portability. Its built-in phone and tablet holder puts DJ controls in convenient reach, while the IP54 splashproof rating means you don't have to worry about a little rain or spilled drinks. Plus, with a built-in power bank, you can keep your devices charged while streaming tunes from your favorite music services.
    For its small package and accessible price point, the X5i is impressively connection-adept. Bluetooth 5.4, USB, and an AUX input are there for no matter how you like to play your music. You can even pair two X5i units together for stereo sound or even more, if you have deeper pockets, to broaden the volume in, say, a bigger party room.
    The BlueAnt X5i party speaker is available now on Amazon for $270.
  • Oura has given women another great reason to wear its smart ring
    www.digitaltrends.com
    Oura has made significant changes to the algorithm controlling the Oura Ring's Readiness Score, to help provide a more accurate and useful number to women tracking their menstrual cycles. The update joins an announcement the company will be working with Scripps Research Digital Trials Center on a study into advancing our understanding of physiological changes during pregnancy.
    The algorithm change will see the Readiness Score (which is collated using sleep, body temperature, heart rate, and heart rate variability (HRV) and other sensor data) adapt according to your cycle, and give a more accurate score that makes it easier to understand your daily condition. Oura says 65% of wearers may see an impact on their scores, due to the key data points used to create the Readiness Score naturally changing during the luteal phase of their cycle. However, it adds that the Readiness Score will only be lower on around three percent of tracked days.
    "The menstrual cycle has a profound impact on women's health and overall well-being, which is why we're dedicated to ensuring our app features accurately reflect the latest scientific understanding of the physiological changes women experience. By grounding our product in rigorous research, we're empowering women to confidently navigate their unique cycles with the most accurate and personalized information possible," said Holly Shelton, Oura's chief product officer.
    The new study is also part of this commitment. It will collect data from 10,000 women who have worn the Oura Ring while pregnant, and will investigate how changes to physiology can affect pregnancy and pregnancy-related complications. The study hopes to boost knowledge around conditions like preterm labor, the risk of miscarriage, and postpartum depression. You can apply to join the study through the Oura app.
    The Oura Ring 4 is the current Oura Ring model, and is available starting at $399. However, we also still recommend the third generation Oura Ring if you can find one, as it still represents great value for money.
  • Google Tweak Creates Crisis for Product-Review Sites
    www.wsj.com
    New rules for recommendation sites such as Forbes Vetted and CNN Underscored threaten their business models, hurt freelancers
    Google says its policy on product-review sites aims to give users higher-quality search results. Photo: Bloomberg News
    Google changed its rules around how product-review sites appear in its search engine. In the process, it devastated a once-lucrative corner of the news media world.
    Sites including CNN Underscored and Forbes Vetted offer tips on everything from mattresses and knife sets to savings accounts, making money when users click on links and buy products.
    Copyright 2025 Dow Jones & Company, Inc. All Rights Reserved.