What happens when China cuts off the rare earths that power electric vehicles, missiles, and our defense industry? In this episode of Rethinking Trade, Lori Wallach sits down with Rush Doshi —…

The 19th spoke with two detransitioners who feel harmed and used by the Trump administration, which has positioned itself as a protector of those who detransition.

In November 2025, Microsoft released its monthly security updates, known as Patch Tuesday, addressing a total of 63 vulnerabilities. Among these, a zero-day vulnerability in the Windows kernel stands out due to its active exploitation in the wild. Zero-day vulnerabilities are particularly dangerous as they are unknown to the vendor until they are discovered, often after they have been exploited by attackers. The Windows kernel is a critical component of the operating system, and vulnerabilities in this area can lead to severe consequences, including privilege escalation, arbitrary code execution, and complete system compromise. The presence of an actively exploited zero-day vulnerability underscores the urgency for organizations to apply these patches promptly. Delaying the application of these updates can leave systems exposed to targeted attacks, which can result in data breaches, system compromises, and other security incidents. The fact that this vulnerability is already being exploited indicates that attackers are aware of it and are actively using it to compromise systems. From a cybersecurity perspective, this highlights the importance of robust patch management processes. Organizations must prioritize the timely application of security updates to mitigate the risk of exploitation. Additionally, this incident serves as a reminder of the ongoing cat-and-mouse game between cybersecurity professionals and attackers. As defenders patch vulnerabilities, attackers seek out new ones, making continuous vigilance and proactive security measures essential. The impact of this Patch Tuesday update on the cybersecurity landscape is significant. It underscores the need for organizations to stay current with their security updates and to have processes in place to quickly respond to new vulnerabilities. For cybersecurity professionals, this means staying informed about the latest threats and ensuring that their organizations are protected against known vulnerabilities. In conclusion, the November 2025 Patch Tuesday update from Microsoft is a critical reminder of the importance of timely patch management. The inclusion of an actively exploited zero-day vulnerability in the Windows kernel highlights the ongoing threat posed by such vulnerabilities and the need for organizations to remain vigilant and proactive in their cybersecurity efforts.

The November Patch Tuesday from Microsoft has landed, bringing with it a mixed bag of security fixes. While the total number of vulnerabilities addressed – 66 – is lower than in recent months, one critical zero-day exploit already in the wild demands immediate attention from IT departments worldwide. This month’s update highlights the constant cat-and-mouse […]

Semgrep has introduced a private beta feature utilizing AI to detect business logic vulnerabilities effectively. This innovation aims to enhance application security and address critical coding issues.

Replies by 🎓Glen P. Peters, 🎓John Quiggin, 🎓Brett Christophers, 🎓Hakan Yilmazkuday, 🎓Jonathan T. Overpeck +36 more scholars

The Amazon threat intelligence team has identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. The ca...

Broadcom announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products.

Origin