In 2025, an AI system identified four previously unknown security issues in OpenSSL, three of which were disclosed and fixed by the system. The findings highlight the potential of AI in proactively discovering vulnerabilities in critical infrastructure.

NIST has announced that all Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, will be classified as "deferred" in the National Vulnerability Database. This decision aims to prioritize the analysis of newer vulnerabilities while indicating that older ones still require attention from organizations for remediation.

The article discusses concerns regarding newly published CVEs related to dnsmasq, highlighting that the required exploit involves replacing the configuration file, which undermines the validity of the vulnerabilities. Moritz Mühlenhoff points out similar issues with CVEs reported for the Kamailio SIP server, emphasizing the questionable nature of these reports.