Category: Full Text Articles – Audio Posts

For the second time, TIME is awarding the World’s Top EdTech Companies 2025, in partnership with Statista, a leading international provider of market and consumer data and rankings. The result of this quantitative study: 350 companies dedicated to the development and provision of educational technologies, encompassing both products and services. Here’s how the winners were selected.

Methodology

The research project “World’s Top EdTech Companies 2025” is a comprehensive analysis conducted to identify the top performing EdTech companies in the United States. First, companies had to primarily focus on developing and providing educational technologies, products, or services. The 350 companies with the highest score were awarded as “World’s Top EdTech Companies 2025.”

[time-brightcove not-tgx=”true”]

The ranking is built on two pillars: financial strength and industry impact. Statista gathered and scrutinized data from over 7,000 companies through desk research, online application forms, and collaborations with other data and market intelligence companies. A company received scores in each of these dimensions, which were then combined into an overall score.

For the first dimension, financial strength, Statista analyzed revenue, employee, and funding data, obtained from publicly available sources like annual reports, company websites, through media monitoring, and via databases. Additionally, company disclosures submitted via an online application form, which was freely accessible via the TIME website, were considered.

For the evaluation of the industry impact, Statista cooperated with HolonIQ and LexisNexis® Intellectual Property Solutions to assess companies in different impact dimensions, encompassing factors such as:

• quality and impact of their product/service portfolio
• quantity and value of a company’s IP (intellectual property) portfolio

In addition, Statista researched various metrics around web traffic, to assess the relevance of the products and services to the respective target groups.

The evaluation process involved assessing all relevant companies within the global EdTech sector that exhibited above-average performance on financial metrics in their geographical region. Subsequently, the selection was narrowed down to include only those companies that not only excelled financially but also demonstrated significant industry impact within their specific categories. This selection process allowed us to establish our final ranking of the World’s Top EdTech Companies 2025. Once the data was collected and evaluated, it was consolidated and weighted within a scoring model. The final score was calculated as follows: 70% x financial strength score + 30% x impact score. The companies with the highest score were awarded as “World’s Top EdTech Companies 2025” by TIME and Statista.

Alongside the list of 350 top EdTech companies, Statista and TIME are also publishing a “Rising Stars Ranking” highlighting the companies with the highest revenue growth rates over the past three years out of those who submitted company data via the online application process.

Applied criteria:

• company age 10 years and younger
• minimum revenue of 1 million U.S. dollars in 2022
• revenue growth rate of more than 20% over the last three years

Disclaimer
The selection of the companies and the definition of the evaluation criteria were based on independent journalistic criteria of TIME and Statista. The evaluation was carried out by the statistics and market research company Statista. TIME and Statista make no claim to the completeness of the companies examined.

The ranking only includes companies that qualify according to the criteria described in this document. A position in the ranking is a positive recognition based on research of publicly available data sources at the time and information received via an application process and through collaboration partners.

In addition, events after March 14, 2025, were not considered in the analysis. As such, the results of this list should not be used as the sole source of information for future deliberations. The information provided through this ranking should rather be considered in conjunction with other available information about a company.

The quality of companies that are not included in the ranking is not disputed.

Secretary of State Marco Rubio’s April 22 announcement of his department’s ambitious reorganization aims to dissolve the U.S. Agency for International Development (USAID) by Sept. 30 and integrate its core functions into a newly configured foreign assistance architecture within the State Department. It’s an inflection point of what can be seen as a third phase of the administration’s foreign affairs restructuring, following the Jan. 20 Executive Order that “paused” all foreign assistance for review and the subsequent dismantlement of USAID. But let’s not mistake this for a fresh start. This reorganization follows three months of erratic dismemberment of key U.S. foreign policy tools by the Trump administration, chaos that has already hollowed out critical national security capacities and made America less safe — and all without either a compelling public justification or strategic clarity.

Still, in the rubble lies a critical opportunity: to repurpose, rebuild, and refocus U.S. foreign assistance as an instrument not just of valuable goodwill, but of 21st-century national security. The United States cannot afford to squander it.

To be clear, there’s nothing inherently wrong with reassessing U.S. foreign assistance institutions. Every administration since the end of the Cold War has tried to improve the alignment of the “three Ds” — diplomacy, development, and defense. And as strategic competition with the People’s Republic of China sharpens, better integrating these instruments of power is not optional. It’s imperative.

But the Trump administration has thus far approached the task more like a demolition crew than a design firm. Just weeks ago, a leaked memo from the White House’s Office of Management and Budget (OMB) suggested cutting the State Department budget in half and gutting USAID to fewer than 300 staff, with only trade, commerce, energy, and humanitarian assistance surviving the purge. And the Department of State is already acting on decisions made without real analysis. Yet, as messy and backwards as this process has been, there’s still time to ask the right questions –and maybe even get some of the right answers.

First, what’s the theory of the case? USAID is gone. The Millennium Challenge Corporation (MCC), established in 2004 by President George W. Bush, is on the chopping block. Now, Rubio has proposed a State Department reorganization plan that includes a 15 percent cut in domestic staff,  reduces the number of bureaus and offices from 734 to 602 (including scaling back or eliminating a slate of human-rights focused offices, with the latest plan looking to have the Bureau of Democracy, Human Rights, and Labor radically downsized, with what’s left of it integrated with regional bureaus), and transfers 137 offices to other locations within the department.

Yet, other than the simple repetition that the intent is to assure the State Department is aligned with the president’s foreign policy priorities, the administration has yet to explain what national interests or values are being served by this reorganization and budget proposal. Is it a budget exercise, a power grab, or a strategic pivot?

If the goal is an “America First” realignment, where’s the evidence that dismantling development capabilities – the type of foreign aid hardest hit, even more than humanitarian aid and security assistance — enhances American leadership or counters China’s growing influence? The proposed reorganization also needs to come to terms with the reality that, at the end of the day, it has always been the case that the United States provides foreign assistance in service of its interests and values and to meet national security goals. That is the “why.” Development assistance, humanitarian assistance, global health and so forth are the “how.” If the rationale for “why” is still there, an approach that eviscerates the “how” runs the risk of disaster. Foreign assistance comprises less than 1 percent of the federal budget. Any savings must be weighed against the strategic return on investments in fragile States, global health, and climate resilience. The United States still needs a clear articulation of the Trump vision for foreign affairs and foreign assistance operations — or lack thereof — if it is to build anything fit for purpose.

Second, what capabilities should be preserved? Some of the proposed consolidation in Rubio’s State reorganization plan may make sense — no one who has worked at or with State will question the need to address bureau overlaps, eliminate redundancies and turf wars between offices, and streamline the policy approval process. But any merger must protect technical depth and the capacity needed to further U.S. foreign policy goals around the world. That’s a key lesson from the U.K.’s merger of its USAID counterpart, the Department for International Development (DFID), with its Foreign Office to create the Foreign, Commonwealth and Development Office (FCDO), which left that government struggling to maintain development expertise and country credibility, at strategic cost. Canada and Australia also faced similar learning curves. Their experiences teach that diplomacy and development are distinct skill sets — and that integration without intent can erode both. USAID’s humanitarian and health bureaus, for example, cannot simply be grafted onto another structure. The expertise and capability is not plug-and-play.

One important element of Rubio’s State reorganization proposal that merits additional scrutiny as the department moves to implementation is that it makes the regional bureaus the nexus of foreign assistance programming, supported with some functional capabilities. This appears to be similar to a model pursued by Australia’s Department of Foreign Affairs and Trade (DFAT) in its 2013 integration with Australia’s AusAID. While not without its challenges and bumps, the Australian experience provides guarded reason for optimism that it is an approach that can be successful in closely aligning interagency development tools — if, as DFAT learned, State is mindful of the need to preserve and enhance organizational capacities, both for personnel and for funding and programs. Australia’s experience also suggests that maintaining development capabilities is important to ensure that a new approach centered on regional bureaus includes the development professionals and the tools needed for success. Examples of critical development capabilities include but are not limited to the Transaction Advisory Fund (TAF), which provides financing for projects in strategic sectors, and other programs funded via the bilateral Economic Support Fund,  which can cover everything from protecting human rights to anticorruption efforts to strengthening civil society to addressing human trafficking.

More critically, gutting USAID’s development arms while preserving only humanitarian functions risks ignoring the root causes of instability — weak governance, climate shocks, and unresolved conflict. Such neglect ensures that tomorrow’s crises are worse than today’s, and that an America less prepared to face them will be less safe. Without clarity on what capabilities are essential to furthering U.S. foreign policy, development, and national security interests, it is challenging to work through the final phase of the reorganization to ensure that those capabilities survive intact.

Third, let’s stop pretending this is a game of musical chairs. Human capital matters. You can’t flip a switch to reboot a development program after thousands of layoffs. The entire ecosystem — implementers, experts, and partners — is reeling. Institutional memory is bleeding out. Merging foreign assistance under the State Department without preserving development as a distinct discipline isn’t reform — it’s a retreat. As with the question of capability, a strategic and considered approach to human capital, rather than seemingly random axing on the basis of facetious internet memes criticizing USAID (which I won’t detail here), is essential to ensure that the State Department reorganization and absorption of USAID is effective. This applies at senior levels as well, where it is essential that development and humanitarian assistance programs are in a unit where the leader is sufficiently empowered to represent their interests and perspectives within the department and across the government. It’s far from clear if an unconfirmed office head, even as powerful an office as the Office of Foreign Assistance, can serve in that role when the music stops.

Fourth, culture clashes aren’t bugs — they’re features to manage. USAID’s culture of operational flexibility and field innovation is not an accident; it reflects its mandate and mission. While the State Department’s culture is centered on formal diplomacy, representing U.S. interests, and managing State-to-State relationships, USAID was driven by a practical, mission-focused approach to global development. It emphasized technological expertise, innovation, and partnerships, and focusing on sustainable, measurable results central to sustainable development. Diplomacy demands discretion and central control; development often thrives on public engagement and local empowerment. If the United States doesn’t design for these differences, it will repeat the mistakes of the late 1990s merger of the U.S. Information Agency into the State Department, which has left America less able to contest information warfare or deal with the public diplomacy challenges of the twenty-first century.

Fifth, process matters. Rushing this reorganization to meet an arbitrary deadline of the end of the fiscal year while continuing to bypass congressional consultation and public debate undermines the very principles the United States claims to value. A deliberative, bipartisan approach grounded in real budget planning, statutory structures, and engagement with Congress won’t just yield better policy. It will last longer. A fully considered process in partnership with Congress — one that provides the necessary statutory framework for the new organizational structure — is essential for long-term success.

Rubio now has a chance to steady the wheel. A reorganization done right — rooted in strategy, not spite — can still align U.S. foreign assistance with national security, development effectiveness, and public trust. Done wrong, it will cost the United States influence, waste resources, and deepen the very crises the administration claims it wants to prevent.

There is no way to undo the damage already done to American interests and values by the administration’s process so far, but it’s not irreversible. With clarity of purpose and humility in process, the administration can still build something worthy of America’s values — and its interests.

IMAGE: U.S. Secretary of State Marco Rubio (C) shakes hands with Democratic Republic of the Congo Foreign Minister Thérèse Kayikwamba Wagner (L) as Rwandan Foreign Minister Olivier Nduhungirehe watches during a Declaration of Principles signing ceremony at the State Department on April 25, 2025 in Washington, DC. The U.S.-facilitated agreement promotes ending fighting in the region while bringing economic development between the two nations. (Photo by Kevin Dietsch/Getty Images)

The post Secretary of State Rubio’s Reorganization Plan Could Offer a Chance to Rescue U.S. Foreign Assistance — If He’s Smart About It appeared first on Just Security.

On April 11, President Donald Trump announced his intention to turn a strip of federal land along the U.S. southern border into a massive “National Defense Area,” effectively creating a new 170-square-mile U.S. military installation. The plan was described in a National Security Presidential Memorandum (NSPM-4), titled “Military Mission for Sealing the Southern Border of the United States and Repelling Invasions.” The document sets in motion the creation of a military area that is twice the size of Washington, D.C. It also expands the U.S. military’s role in stopping migrants crossing the border.

Typically, the establishment of a new military area of this size would require congressional approval. Congress has historically played a critical role in federal land management through its constitutional powers derived from both the Property Clause and the Enclave Clause. But Trump was able to circumvent Congress this time by declaring a national emergency at the southern border, thereby eliminating the statutory requirement for congressional approval. Further, environmental laws have traditionally played an important role in pumping the brakes on federal actions that impact the human environment and endangered species alike (there are 23 federally endangered species at the border). But the Environmental Protection Agency and the Fish and Wildlife Service are actively dismantling regulatory protections found in both the National Environmental Policy Act and the Endangered Species Act. Absent immediate pushback from Congress or a federal court enjoining the transfer of land to the Department of Defense, the creation of this military area appears to be a fait accompli. The result is a significant increase in the military’s mission at the southern border and further obfuscation of the military’s role in domestic law enforcement functions.

NSPM-4 is best read alongside two executive actions issued in January, declaring a national emergency at the southern border and Executive Order 14167, “Clarifying the Military’s Role in Protecting the Territorial Integrity of the United States.” Taken together, these directives seek to accomplish four major objectives, all of which significantly expand the military’s role in border enforcement.

A Transfer of Federal Lands to the Department of Defense

First, Trump is directing the transfer of a 60-foot strip of federal land lying parallel to the U.S.-Mexico border from control of three federal agencies (Interior, Agriculture, and Homeland Security) to the Department of Defense. This land, known as the Roosevelt Reservation, is a noncontiguous strip of federal land that snakes along the southern border from New Mexico to California. President Theodore Roosevelt established the reservation in 1907 to prevent smuggling between the United States and Mexico. In initiating this massive land transfer, Trump highlighted the need for DOD jurisdiction over these lands so that the military could conduct activities such as border-barrier construction and the placement of detection and monitoring equipment.

NSPM-4 calls for a “phased implementation” of this transfer. Initially, only a section of the Roosevelt Reservation in New Mexico, east of Fort Huachuca, will be placed under the DOD’s jurisdiction. But this transfer is only the beginning. NSPM-4 grants what amounts to plenary authority to the secretary of defense to “extend activities under this memorandum to additional Federal lands along the southern border.”

Bypassing Posse Comitatus Act Restrictions

Second, the establishment of a National Defense Area increases the military’s role at the southern border, effectively bypassing longstanding legal restrictions put in place by the Posse Comitatus Act. The Posse Comitatus Act prohibits federal military forces from being used in a law enforcement capacity, such as searching, seizing, detaining, and arresting people entering the country. The Posse Comitatus Act does not apply to National Guard members under state control. Today, there are approximately 10,000 active-duty soldiers operating at the border alongside members of the National Guard. By statute, Congress has granted the military broad authority to protect federal property. Now, federal military forces at the southern border will be empowered to arrest, detain, search, and seize anyone—migrant or otherwise—that attempts to cross into the new National Defense Area.

What’s more, NSPM-4 references myriad statutory authorities—such as the Engle Act (43 U.S.C.-§§ 155-158), Internal Security Act (50 U.S.C. § 797), and 10 U.S.C. § 2672—that reinforce military commanders’ authority to exclude persons from military installations. Indeed, the secretary of defense has the authority under existing law to protect all buildings, grounds, and property under his jurisdiction. In protecting federal property, 10 U.S.C. § 2672 authorizes military officers or agents to enforce federal laws and regulations for the protection of property, and make arrests. And NSPM-4 also highlights a criminal statute, 18 U.S.C. § 1382, that makes it illegal to enter into a “military, naval, or Coast Guard property.”

The authority to prohibit persons from military installations is reinforced in Pentagon regulations that permit direct law enforcement assistance for “actions related to a commander’s inherent authority to maintain law and order on a DOD installation or facility.” An April 16 Pentagon news release reinforced the military’s growing mission in defending the border:

Service members stationed at the border and operating on that land will have greater authority to execute their mission. They will be governed by the same rules as when they are defending any other military installation, such as apprehending trespassers and passing them to appropriate civilian or federal law enforcement officials.

In sum, by transferring federal public lands to the military, Trump is sharply increasing the authority of the military to arrest, detain, search, and seize anyone entering the new property under military authority. The creation of a National Defense Area, in turn, marks an extraordinary shift in the military’s role from indirectly supporting law enforcement to actively serving in a law enforcement capacity. For migrants, the National Defense Area also creates a new offense under the federal criminal code: 18 U.S.C. § 1382 prohibits unlawful entry into any military installation, with a penalty of up to six months in prison.

Muddying the Waters of the Military Purpose Doctrine

Third, NSPM-4 continues the trend of using language that ties immigration flows at the border with broader national security authorities and core military missions. For example, NSPM-4 exclaims that the southern border is “under attack from a variety of threats.” Trump is therefore assigning the military the “mission of repelling the invasion and sealing the United States southern border.” Trump has invoked similar language in invoking the Alien Enemies Act, declaring that the United States is being invaded by a predatory incursion of a transnational gang.

By using such forceful, martial language, Trump is further muddying the already murky waters of the military purpose doctrine, which allows an exception to the Posse Comitatus Act. The military purpose doctrine authorizes “actions taken for the primary purpose of furthering a DOD or foreign affairs function of the United States.” Normal Posse Comitatus Act restrictions do not apply to military activities that further a “military purpose.” Yet deciphering what actions fall within the military purpose doctrine is difficult in ordinary circumstances. Indeed, the Office of Legal Counsel wrote that differentiating between authorized military activities and unauthorized law enforcement functions is “no easy task.” I would characterize NSPM-4 as a continuation of a trend that engages in purposeful ambiguity by employing martial language—“repelling invasions” and “under attack”—that expands the scope of the military purpose doctrine beyond recognition.

A Shortcut to Border Wall Construction Funding

Fourth, the NSPM-4 reference to border-barrier construction is particularly noteworthy. The newly formed National Defense Area bolsters the president’s authority to use military construction money to build the border wall. This military construction authority at 10 U.S.C. § 2808 authorizes military construction projects during time of national emergency “that are necessary to support [] use of the armed forces.”

When Trump sought to employ the same authorities in 2019, he faced legal setbacks when the Ninth Circuit held that the border wall construction was not necessary to “support the use of the armed forces . . . nor were they military construction projects.” By effectively creating a new military installation out of whole cloth, Trump lawyers will argue that, unlike before, the border wall is being constructed on a military facility and amounts to a bona fide military construction project. And “military installation” is broadly defined to encompass established bases as well as “other activity under the jurisdiction of the Secretary of a military department.” To be sure, Congress recently placed a cap on emergency military construction authority—$100 million for construction projects within the United States—but NSPM-4 appears to bolster Trump’s ability to tap into funds set aside for military construction projects.

What are the Possible Checks on this Authority?

Congressional Constitutional Authority. NSPM-4 begins by pointing to Article II commander-in-chief powers that empower the executive branch to protect the homeland and ensure the territorial integrity and sovereignty of the United States. National security powers are famously shared between the executive branch and Congress. Congress, after all, controls the purse strings and has the authority to “raise and support” the Army. Unlike shared national security powers, constitutional authorities over federal property are the exclusive domain of Congress. The Constitution’s Property Clause could not be clearer: Congress has the “Power to dispose of and make all needful Rules and Regulations respecting the Territory or other Property belonging to the United States.” And under the Enclave Clause, Congress has authority to “exercise exclusive Legislation . . . for the Erection of Forts, Magazines, Arsenals, dock-Yards, and other needful Buildings.”

The Constitution envisions a congressional role in governing all federal property. This clearly encompasses the unilateral transformation of civilian-controlled lands to military-controlled areas. Yet, Congress has been missing in action as of late and appears reluctant to flex its constitutional muscles. Ideally, Congress will reassert its role in federal land management through the National Defense Authorization process. The House and Senate Armed Services Committees will be holding hearings and legislation markup sessions soon on this year’s bill.

Congressional Statutory Authority. Congress has not approved this massive land transfer. Under the Engle Act, approval by Congress is required for withdrawal, reservation, or restriction of over 5,000 acres for any Department of Defense project or facility. But this limitation does not apply today due to Trump’s declaration of a national emergency at the southern border. This is yet another example that showcases the need for reform of the National Emergencies Act, which grants extraordinary power to the president.

Environmental Law Protections. Finally, during the first Trump administration, environmental groups enjoyed considerable success in establishing Article III standing and using both the National Environmental Protection Act and the Endangered Species Act to halt border wall construction and military activities at the border. But the creation of the new National Defense Area—coupled with the concurrent evisceration of environmental regulations—make future environmental challenges far less likely to succeed.

Environmental laws would normally apply to both the land transfer and the border wall construction. After all, the creation of a massive National Defense Area surely constitutes a “major federal action,” that requires an environmental impact statement prepared under the auspices of National Environmental Protection Act. But in a remarkable step that stunned environmentalists, Trump began rescinding all Council on Environmental Quality regulations issued under the law.

Relatedly, the southern border is home to 23 federally endangered species and their critical habitats that normally enjoy robust protections under the Endangered Species Act. The law prohibits the “take” of any endangered species, defined as actions that “harass, harm, pursue, hunt, shoot, wound, kill, trap, capture, or collect.” For decades, harm has been interpreted broadly to prohibit both harm to an endangered species as well as its critical habitat.

Six days after NSPM-4 was issued, the U.S. Fish and Wildlife Service proposed a new rule rescinding the Endangered Species Act’s definition of “harm.” It proposed a definition that only includes an “affirmative act directed immediately against a particular animal,” rather than an act that could indirectly harm an endangered species’ population. Although this new definition is not yet finalized, changing the longstanding definition of harm clears a possible path for border wall construction and military activities that would otherwise be illegal under the Endangered Species Act.

***

With just two weeks since NSPM-4 was issued, it is too early to tell if this massive new tract of military land will trigger a congressional response or judicial intervention. Nevertheless, Trump’s efforts to militarize the southern border are on track to be far more successful than they were during his first administration.

Editor’s note: This piece is part of the Collection: Just Security’s Coverage of the Trump Administration’s Executive Actions

IMAGE: A Stryker platoon is stationed near the fence at the southern US border with Mexico, in Douglas, Arizona, on April 3, 2025. (Photo by DAVID SWANSON/AFP via Getty Images)

The post The New “National Defense Area” at the Southern Border: What You Need to Know appeared first on Just Security.

For millions of people across Spain and Portugal, power was lost in an instant yesterday. Communications came to a halt, water was not running in places, metro systems ground to a standstill, and travellers were strained in airport departure lounges.

[time-brightcove not-tgx=”true”]

This morning, Spain’s electricity grid is almost entirely restored and all homes in Portugal now have power restored, some 18 hours later. The Madrid Metro has been busy as usual this morning, and residents in the Spanish capital cheered this morning as lights came back on.

It is one of the most significant power outages in European history, and the largest since a blackout hit Italy in 2003 that lasted three hours and affected 57 million people.

Read More: What to Know About the Power Outage that Hit Spain, Portugal, and France

What is believed to have caused the outage?

During Monday’s abrupt outage, it was reported that a possible cause could have been an astrological phenomenon, according to Portugal’s grid operator. 

However, Spain’s meteorological agency has since reported no such phenomena occurring across the country, nor any sudden fluctuations in temperature.

President of the European Council António Costa said on Monday afternoon that there were “no indications of any cyber attack.”

That conclusion has been supported by the operator of Spain’s national grid, Red Eléctrica, which has located where outages began on Monday. Two separate incidents of power outages led to instability in the grid leading to a “breakdown in interconnections with France,” leaving the Iberian grid isolated.

On Tuesday, Red Eléctrica ruled out a cyber-attack as the cause.

Investigations from both Portuguese and Spanish grid operators and cybersecurity teams are ongoing, but there is no clear answer as to what caused the outages yet.

A technical analysis to fully understand the outage could take weeks or even months, Kristian Ruby, secretary general of Eurelectic, a trade body, told the New York Times.

What was affected?

Everything from sport to transport was hit by Monday’s outage, with tens of millions affected. Tennis star Coco Gauff’s post-match interview was cut short as systems went down at the Madrid Open.

Metro services and trains across both countries were also halted, as well as traffic systems, causing havoc in multiple cities. Members of the public in Madrid were seen trying to get rides home from others as transport came to a halt. 

Spanish Prime Minister Pedro Sánchez has said that his government will “demand responsibility from private operators,” in response to the outage while urging caution over misinformation about causes at this stage.

Sánchez said that determining the cause was essential so that a similar event “never takes place again.”

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis.

In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, though attacks on enterprise tech are rising. The report published by GTIG highlights evolving attacker tactics, better vendor defenses, and growing challenges in detecting commercial surveillance activity.

“GTIG continued to observe an increase in adversary exploitation of enterprise-specific technologies throughout 2024. In 2023, 37% of zero-day vulnerabilities targeted enterprise products.” reads the report published GTIG. “This jumped to 44% in 2024, primarily fueled by the increased exploitation of security and networking software and appliances.”

In 2024, over 60% of zero-day exploits targeting enterprise tech hit security and networking tools, offering attackers efficient access to systems and networks.

GTIG experts reported that in 2024, zero-day attacks targeting enterprise tech grew, while browser and mobile exploits dropped. End-user platforms saw 56% of zero-day activity. Chrome remained the most targeted web browser, while mobile attacks often used exploit chains. Desktop OS zero-days rose to 22, with Microsoft Windows continuing to be a major target due to its widespread use.

“Microsoft Windows exploitation continued to increase, climbing from 13 zero-days in 2022, to 16 in 2023, to 22 in 2024.” continues the report. “As long as Windows remains a popular choice both in homes and professional settings, we expect that it will remain a popular target for both zero-day and n-day (i.e. a vulnerability exploited after its patch has been released) exploitation by threat actors.”

Enterprise products like Ivanti, Palo Alto, and Cisco are prime targets due to limited EDR monitoring and the ability of single flaws to enable full system compromise.

In 2024, over half of zero-days enabled remote code execution or privilege escalation. Use-after-free, command injection, and XSS were the top vulnerabilities. According to the report, most attacks targeted security and network software. Google attributed 34 cases, with 53% tied to cyber espionage groups, mainly nation-state or commercial surveillance vendors.

“While we still expect government-backed actors to continue their historic role as major players in zeroday exploitation, CSVs now contribute a significant volume of zero-day exploitation. Although the total count and proportion of zero-days attributed to CSVs declined from 2023 to 2024, likely in part due to their increased emphasis on operational security practices, the 2024 count is still substantially higher than the count from 2022 and years prior.” concludes the report. “Their role further demonstrates the expansion of the landscape and the increased access to zero-day exploitation that these vendors now provide other actors.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-days)

Signup to receive the Early Edition in your inbox here.

A curated weekday guide to major news and developments over the past 24 hours. Here’s today’s news:

GLOBAL AFFAIRS

Mark Carney’s Liberal Party has won the Canadian election, defeating his Conservative rival Pierre Poilievre, who until recently was expected to become the next Prime Minister. Despite securing enough seats to form a government, it remains a close call at the time of writing whether Carney will secure a majority in parliament — if not, he will have to rely on other parties to govern. In his victory speech, Carney said, “President Trump is trying to break us so that America can own us – that will never ever happen.” BBC News reports. 

Spain and Portugal declared states of emergency yesterday after nationwide power outages and blackouts. Power was also lost in parts of France, causing widespread chaos on roads and in airports. Electricity supply is gradually returning to parts of Spain and Portugal, with the cause of the blackout still being investigated, Spain’s prime minister said. The president of the European Council said there were “no indications” of a cyberattack. CNN reports; Gabriela Pomeroy reports for BBC News.

Pakistan’s defense minister said yesterday that a military incursion by India was “imminent,” as tensions between the neighbouring countries continue to rise in the wake of last week’s deadly attack on tourists in Kashmir. Pakistan has said it is on high alert, adding it would only use its nuclear weapons “if there is a direct threat to our existence.” Asif Shahzad reports for Reuters. 

Iranian officials said there was a “failure to observe safety principles” at the port of Bandar Abbas, where an explosion on Saturday killed dozens, though further testing is needed to identify the exact cause of the blast. Leila Gharagozlou, Tim Lister, Eve Brennan, Max Saltman, and Frankie Vetch report for CNN.

Sudan’s Rapid Support Forces (RSF) killed at least 30 people in an attack on Omdurman on Sunday, authorities and an activist group said yesterday. Separately, a U.N. panel overseeing sanctions in Sudan is investigating how mortar rounds originally exported from Bulgaria to the United Arab Emirates ended up in a supply convoy for the RSF, according to a letter obtained by Reuters. Samy Magdy reports for the Associated Press; Reade Levinson and David Lewis report. 

Iran has proposed holding a meeting with the European signatories of the 2015 nuclear deal — potentially in Rome this Friday — if negotiations with the United States resume, diplomats said yesterday, adding that the Europeans have not yet responded to the proposal. John Irish and Parisa Hafezi report for Reuters.

Four former Hong Kong lawmakers were released from prison today after serving over four years for convictions under a Beijing-imposed national security law that effectively dismantled the city’s pro-democracy movement. Kanis Leung reports for the Associated Press.

The twin islands of Trinidad and Tobago held snap elections yesterday after its new prime minister dissolved parliament last month. The Associated Press reports. 

RUSSIA-UKRAINE WAR 

Russian President Vladimir Putin yesterday announced a three-day unilateral ceasefire in the war in Ukraine, beginning on May 8 and ending on May 10, to coincide with the 80th anniversary of the Soviet Union’s victory over Nazi Germany. “Russia believes that the Ukrainian side should follow this example,” Putin said in a statement on the Kremlin website, adding, “In the event of violations of the truce by the Ukrainian side, the Armed Forces of the Russian Federation will give an adequate and effective response.” Mary Ilyushima reports for the Washington Post; Thomas Mackintosh and Vitaliy Shevchenko report for BBC News.

ISRAEL-HAMAS WAR 

Israel yesterday boycotted the opening day of hearings at the International Court of Justice (ICJ) on its decision to ban the United Nations Relief and Works Agency for Palestine Refugees (UNRWA). Israel’s foreign minister said Israel had submitted its written position but would not participate in “this circus,” accusing UNRWA of being “infested with Hamas terrorists.” The hearings at The Hague, which are expected to last all week, follow a request by the U.N. General Assembly, with 40 countries, including the United States, set to speak as part of proceedings. Eugenia Yosef and Oren Libermann report for CNN; Shira Rubin and Clare Parker report for the Washington Post. 

The head of Israel’s Shin Bet, Ronen Bar, announced his resignation yesterday, saying he would step down on June 15 “after 35 years in service.” Prime Minister Benjamin Netanyahu announced Bar had been sacked in March, with Bar claiming he was dismissed because he refused to fulfil Netanyahu’s request to disrupt his corruption trial and spy on Israeli protestors. Reuters reports. 

U.S. FOREIGN AFFAIRS  

Mexico and the United States announced yesterday that they had reached an agreement under which Mexico will immediately release more water from the shared Rio Grande basin to Texas farmers, following earlier tariff and sanction threats by Trump. The Associated Press reports. 

Amid the U.S. bombing campaign in Yemen targeting the Houthis, a jet fighter yesterday fell off the aircraft carrier USS Harry S. Truman and sank when the ship made a sharp turn, defense officials said. It marks the strike group’s third mishap during its Middle East deployment, although officials say it is unclear whether the intensified pace of operations was a factor in the lost aircraft. Nancy A. Youssef reports for the Wall Street Journal. 

U.S. DOMESTIC DEVELOPMENTS 

House Republicans have unveiled a bill that proposes a $150 billion increase in Pentagon spending, bringing the total defense budget for FY-25 to over $1 trillion, if approved. The legislation, developed by the House and Senate Armed Services committees, allocates nearly $25 billion for Trump’s long-proposed Golden Dome missile defense project, a system designed to shield the entire continental United States from advanced missile threats. Ellen Mitchell reports for The Hill. 

Tennessee State prosecutors began their own trial yesterday against three former Memphis Police Department officers involved in the fatal beating of Tyre Nichols, seeking a murder conviction after a separate federal jury returned a mixed verdict last fall. Emily Cochrane and Ben Stanley report for the New York Times. 

Elon Musk and his companies could be exposed to at least $2.37 billion in potential legal and regulatory liabilities stemming from federal investigations, lawsuits, and oversight, according to a new report released yesterday by Senate Democrats. The report outlines various conflicts of interest related to Musk’s involvement with DOGE and raises concerns about the possibility of him leveraging his position to influence legal outcomes. Nick Robins-Early reports for The Guardian.

An Atlanta woman whose home was mistakenly raided by the FBI will appear before the Supreme Court today in a pivotal case determining when individuals can sue to hold federal law enforcement accountable. Lindsay Whitehurst reports for the Associated Press. 

TRUMP ADMINISTRATION ACTIONS 

Trump signed three executive orders yesterday. One order directs the Attorney General and the Secretary of Homeland Security to release a list of state and local jurisdictions that the Trump administration views as “sanctuary cities” — areas that restrict cooperation with federal officials’ efforts to arrest undocumented immigrants, and to pursue enforcement efforts. A second order directs the Trump administration to support police officers facing misconduct allegations by providing legal assistance; to review and potentially revise existing limitations on law enforcement, including federal consent decrees; to supply local law enforcement with military-grade equipment; and to take action against local officials who “unlawfully” prevent officers from performing their duties. A third executive order aims to enforce current regulations mandating that professional truck drivers demonstrate English proficiency. It instructs the Transportation Department to remove from service any driver who cannot read or speak English. Luke Broadwater and Zolan Kanno-Youngs report for the New York Times; Michelle Hackman and Tarini Parti report for the Wall Street Journal.  

The new head of the Justice Department’s civil rights division has been redirecting staff to focus on combating antisemitism, anti-Christian bias, and what she terms “woke ideology,” prompting the departure of about half of the division’s lawyers in recent weeks, sources say. The division also revised the mission statements to shift focus away from addressing racial discrimination and toward opposing diversity initiatives. Hundreds of lawyers and other staff members are leaving the division en masse, with section chiefs — who had been responsible for cases involving police brutality, disability rights, and voting rights — being reassigned to roles outside their areas of legal expertise. Perry Stein and Jeremy Roebuck report for the Washington Post. 

A team of DOGE personnel yesterday went to the U.S. International Development Finance Corporation (DFC) headquarters to evaluate the agency’s performance and alignment with Trump’s agenda, sources say. As one of the last remaining foreign aid agencies that has not yet been drastically impacted by the Trump administration, the DFC was established during the first Trump administration with bipartisan backing from Congress to support development projects in low- and middle-income countries through private sector investment. Robbie Gramer and Sophie Cai report for POLITICO. 

National security agencies within the Trump administration are intensifying investigations into suspected leaks to the media, with some using polygraph tests, which current and former officials say are fostering a climate of fear and harming national security. Under the direction of FBI Director Kash Patel, the bureau has recently started administering polygraph tests to track down the sources of leaks, according to an FBI spokesperson. Ellen Nakashima and Hannah Natanson report for the Washington Post. 

The Trump administration has dismissed hundreds of scientists and experts who had been working on publishing a flagship report on how climate change is affecting the country. The future of the report, which is required by Congress and known as the National Climate Assessment, is now at risk, experts say. Brad Plumer and Rebecca Dzombak report for the New York Times. 

House Republicans have proposed a $1,000 fee for migrants seeking asylum, part of a broader set of new or increased charges on immigrants pursuing legal entry into the United States. The proposal is among several measures outlined in legislation unveiled yesterday by the House Judiciary Committee, intended for inclusion in a sweeping domestic policy bill advancing Trump’s agenda. Michael Gold reports for the New York Times.

The Trump administration yesterday launched two investigations into Harvard University and the Harvard Law Review over allegations that race was considered in the journal’s editorial decisions. The civil rights offices of the Departments of Education and Health and Human Services stated the inquiries were “based on reports of race-based discrimination permeating the operations of the journal.” Other issues including financial ties, oversight procedures, and selection policies are also being probed. Bianca Quilantan reports for POLITICO.

The head of a Peace Corps alumni group said yesterday he had been informed the agency, under review by DOGE, is looking to reduce the number of full-time staff who assist volunteers overseas. In a statement, the Peace Corps confirmed that DOGE was evaluating its operations and “working to identify additional efficiency in our staffing structure.” David A. Farenthold reports for the New York Times.

The Trump administration will move to lessen the impact of his automotive tariffs today by easing certain duties on foreign parts used in U.S.-built cars and preventing multiple tariffs from accumulating on imported vehicles, officials say. Reuters reports. 

TRUMP ADMINISTRATION LITIGATION

A coalition of labor unions, local governments, and nonprofits filed a lawsuit against the Trump administration in federal court yesterday, aiming to block the DOGE Service’s federal workforce reductions in part on the basis that they lack congressional approval. The lawsuit, submitted to the U.S. District Court for the Northern District of California, claims that the administration’s “reduction in force” plans and government reorganization violate the Constitution’s separation of powers. Lauren Kaori Gurley reports for the Washington Post. 

A lawsuit challenging the Trump administration’s policy of permitting immigration enforcement agents to operate in places like schools and houses of worship was filed in Oregon yesterday, aiming to address the legal question of whether certain civic spaces should be off-limits. Zach Montague reports for the New York Times.

A U.S. appeals court yesterday reinstated a temporary block on mass layoffs at the Consumer Financial Protection Bureau, allowing employees to retain their jobs for the time being. The divided ruling by a three-judge panel on Washington’s federal appeals court dealt a setback to Trump’s push to significantly restructure the CFPB, potentially shrinking the workforce by 90%. Reuters reports. 

 

Did you miss this? Stay up-to-date with our Litigation Tracker: Legal Challenges to Trump Administration Actions

The post Early Edition: April 29, 2025 appeared first on Just Security.

Reviewing Harvard Law Review: On Friday, we blew the lid off pervasive racial discrimination at the Harvard Law Review. On Monday, the Trump administration launched an investigation.

The Department of Education and the Department of Health and Human Services “will conduct separate investigations” to determine “whether Harvard violated Title VI of the Civil Rights Act, which bans race discrimination by the recipients of federal funds. They will also examine the university’s relationship with the law review, including ‘financial ties’ and ‘oversight procedures,'” the Free Beacon‘s Aaron Sibarium reports. The journal claims to be separate from Harvard Law School, though its tax forms “state that it is ‘functionally integrated’ with the university.” 

“The probes—to be conducted by each agency’s office for civil rights—come days after former Texas solicitor general Jonathan Mitchell vowed to sue Harvard over the journal’s policies, which include evaluating articles on both the race of the author and the racial diversity of its citations,” writes Sibarium. “The probes could result in further cuts if HHS decides that there is no meaningful difference between Harvard Law School and the Harvard Law Review—long considered the top law journal in the country—and could make private litigants’ lives easier by surfacing additional evidence of discrimination.”

READ MORE: Trump Administration Launches Probes of Harvard Law Review’s Racial Preferences

Out of order: The two Harvard University students who faced criminal charges for assaulting an Israeli classmate during an October 2023 “die-in” protest, Elom Tettey-Tamaklo and Ibrahim Bharmal, have finally learned their fate: 80 hours of community service and an anger management class.

Those are the terms of a pretrial diversion program a Suffolk County judge ordered during a hearing on Monday, our Collin Anderson reports. The conclusion is a mixed bag for the prosecution, which won out when it comes to the community service time (the students’ attorneys wanted only 40 hours) but did not secure a statement from Tettey-Tamaklo and Bharmal admitting fault. The pair will return to court in late July for a “Pretrial diversion completion” hearing, court filings show.

It’s unclear what Harvard will do—if anything—in response to the case’s conclusion. Both Tettey-Tamaklo and Bharmal were expected to graduate this year, the former from the divinity school and the latter from the law school. As their case progressed, Harvard did not say whether it would award them degrees if the proceedings remained open or if they were convicted. Both students remained in good standing with the school in the wake of the “die-in.”

READ MORE: Harvard Students Ordered To Enter Pretrial Diversion Program Over Assault of Israeli Classmate

Pants on fire: Eugene Daniels, the MSNBC host, embattled WHCA president, and self-described “walking Beyoncé encyclopedia,” kicked off his speech at Saturday’s nerd prom White House Correspondents’ Association annual gala by saying journalists are “pushy” and “sometimes think we know everything” but are also “human,” “care deeply about accuracy,” and are “not the opposition.” Our Andrew Stiles checks his facts.

 Analysis: “It goes without saying that journalists are often ‘pushy’ and think they ‘know everything.’ But are they also human, as Daniels so boldly claimed? Technically, yes, as far as we can tell. But certainly not in the broader sense. By most scientific standards, the average journalist is both morally and temperamentally aberrant compared to the average member of the human species. We couldn’t find any evidence to support Daniels’s claim that journalists ‘care deeply about accuracy and take seriously the heavy responsibility of being stewards of the public’s trust.’

“Meanwhile, Daniels’s insistence that journalists are not ‘the opposition’ is difficult to assess without further context. The statement is true if referring to the time period between January 20, 2021, and January 19, 2024, or any time a Democrat is president. If Daniels meant to imply that journalists are currently not behaving like an opposition party under President Trump, then of course that is false.”Verdict: “We rate this claim 4 Flaming Clintons.”

READ MORE: FACT CHECK: Eugene Daniels Says Journalists ‘Care Deeply About Accuracy’ and ‘Are Not the Opposition’

 Away from the Beacon:

• Last week, the American Association of Colleges and Universities published a public statement, signed by 514 administrators, criticizing the Trump administration’s higher education reforms. Absent from the list of signatories are administrators from Vanderbilt, the first school to discipline students over anti-Israel protests, and Dartmouth, the only Ivy League school not under federal investigation. Faculty members at Dartmouth seem to think that’s a bad thing.
• Harvard is changing the name of its DEI office to “Community and Campus Life,” a move that will also see the school’s chief diversity and inclusion officer and accused plagiarist, Sherri Ann Charleston, operate under a different title: “Chief Community and Campus Life Officer.”
• In a “return to the national stage,” Kamala Harris will make “her most extensive public remarks since losing to Trump last fall” in a speech to… a progressive group that has long supported her political career, Politico reports. Tune in on Wednesday for this barnburner!

The post Trump Probes Harvard Law Review’s Racial Preferences. Plus, Harvard ‘Die-In’ Defendants Get Community Service. appeared first on .

VeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider.

VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024.

The company launched an investigation into the security breach.

“April 24, 2025 – Verisource Services, Inc. (“VSI”) experienced a data security incident that involved personal information belonging to employees and dependents of companies that use VSI’s services and has provided notice of this incident to impacted individuals. On February 28, 2024, VSI became aware of unusual activity on our network environment. Upon discovering this activity, VSI immediately took steps to secure our network and launched an investigation with the assistance of independent cybersecurity experts. The investigation subsequently revealed that certain personal information was acquired without authorization on or about February 27, 2024. VSI then commenced a comprehensive review of the affected data to determine whether any sensitive data was involved and whether personal information may have been affected.” reads the notice of data breach published by the company. “On August 12, 2024, that review concluded and we confirmed that certain personal information was involved. Based on that review, an initial set of notices were issued beginning on August 20, 2024.  VSI also notified its client companies and continued to work with them to collect the necessary information to notify additional individuals affected by this incident. That process was completed on April 17, 2025. We then took steps to notify impacted individuals of the incident as quickly as possible.”

The review ended on August 12, 2024, revealing personal data like names, addresses, dates of birth, gender, and/or Social Security numbers were compromised. Notifications began August 20, 2024, and were completed by April 17, 2025. Not all data types were impacted for every individual.

The employee benefit administrative services provider VeriSource Services (VSI) is notifying impacted employees and dependents.

VSI reported the breach to the FBI, HHS, and credit agencies, the company is not aware of any misuse of stolen data.

VeriSource offered free 12-month ID protection to the impacted individuals.

Impacted individuals are advised to closely monitor their debit and credit card statements for any unusual activity and promptly contact their card issuer if they notice anything suspicious.

​VeriSource Services, Inc., established in 1997 and headquartered in Houston, Texas, is a privately held company specializing in employee benefits administration and enrollment solutions for employer groups. The company offers a range of services, including COBRA administration, dependent verification, ACA reporting, eligibility monitoring, consolidated billing, and direct billing services. The company leverages proprietary, rules-based technology to deliver customized, cost-effective solutions tailored to each client’s needs.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

Northwestern University warned its Jewish Voice for Peace (JVP) chapter that its constitution, which bars Zionist Jews from joining, violates the school’s new anti-discrimination policy, the Washington Free Beacon has learned.

The constitution for the anti-Israel student group states that “members are expected to be anti-Zionist and identify with Judaism” and requires a faculty adviser to be a “Jewish anti-Zionist or support anti-Zionist philosophies.” According to its mission statement, JVP aims to build an “anti-Zionist Jewish community on campus.”

The group seems committed to that goal, playing a significant role in anti-Israel campus activity with an adviser, Sarah Schulman, who has repeatedly blamed the Jewish state for Hamas’s Oct. 7 attack. But JVP’s constitution doesn’t square with Northwestern’s updated non-discrimination policies, which incorporated the International Holocaust Remembrance Alliance’s (IHRA) definition of anti-Semitism. That definition states that “denying the Jewish people their right to self-determination, e.g., by claiming that the existence of a State of Israel is a racist endeavor,” is a form of anti-Semitism.

A Northwestern spokeswoman told the Free Beacon that the university is making Northwestern’s JVP branch, a recognized student group that formed after Hamas’s Oct. 7 attack on Israel, change its rules.

“As a registered student organization, Jewish Voice for Peace is required to comply with Northwestern’s anti-discrimination policies. The appropriate steps are in progress to revise the organization’s constitution and membership policies,” she said.

The move comes as Northwestern faces pressure to rein in campus anti-Semitism. Earlier this month, the Trump administration froze $790 million in federal funding to Northwestern amid a civil rights investigation into alleged anti-Semitism and racial discrimination on campus. The House Committee on Education and Workforce, meanwhile, is demanding a meeting on anti-Semitism with Northwestern’s president, the Free Beacon reported.

Like Harvard, which saw $2.2 billion frozen on April 14, Northwestern retained a high-profile, MAGA-linked lobbying firm to navigate the scrutiny.

Wendy Khabie, the mother of a Northwestern student and national co-chair of the Coalition Against Antisemitism at Northwestern (CAAN), told the Free Beacon that student organizations should be stripped of their rights if they don’t update their policies.

“We expect that any and every registered student group affiliated with the University would be held responsible for meeting all of the requirements established by the code of conduct and student handbook. That includes any updates or revisions recently made, with specific regard to the University’s adoption of IHRA,” Khabie said. “It would be concerning if the University afforded rights and privileges to groups that are not in full compliance with established guidelines.”

JVP, meanwhile, has been a major player in disruptive, anti-Israel protests, and Schulman, a tenured English professor, has proven that she fits the group’s faculty adviser requirements.

The day after Hamas’s assault, Schulman attended an anti-Israel protest in Times Square. There, she told the New York Times, “Decades of brutality towards Palestinians, in which people have been murdered, incarcerated and displaced unjustly have made conditions untenable, and I believe that they exploded.”

Roughly a week later, she penned a New York Magazine article arguing that Hamas’s attack was the result of Israel’s “consistent, unending brutality.”

“[F]or 75 years, Palestinians have been murdered, incarcerated, and displaced with escalating violence by Israeli soldiers, and more recently by settlers. On October 7, these unending, untenable conditions exploded when Hamas broke through Israel’s imposed barriers. They reentered the land they consider home,” Schulman wrote. “They attacked formerly Palestinian villages and cities, now under the control of Israel. After decades of being on the receiving end of highly organized violence, they switched roles and became the murderers and kidnappers of more than 1,300 Israeli children and adults.”

Schulman has a long history of anti-Israel activism, serving on the advisory board of JVP’s national arm since 2010. In 2016, while a professor at the College of Staten Island, Schulman was accused by the Zionist Organization of America of “echo[ing] the lies of talking points of Hamas” by claiming that Israelis are indiscriminately killing Palestinians. At the time, she also served as a faculty adviser for the school’s Students for Justice in Palestine (SJP) chapter.

Northwestern’s JVP chapter appears to follow in Schulman’s footsteps. On the one-year anniversary of Hamas’s attack, the group joined a walkout in solidarity with Northwestern SJP “to commemorate a year of the ongoing genocide in Palestine.”

“There are no universities left in Gaza, and today we are leaving classes at our university to stand in solidarity against occupation and apartheid,” the group wrote on Instagram. Earlier this month, SJP held an anarchist training session for its Northwestern members at which it cited propaganda from the Popular Front for the Liberation of Palestine terror group urging students to “build an Intifada” and “destroy amerika.”

In April 2024, JVP helped organize a five-day encampment and successfully negotiated with the university to allow the anti-Israel activists to keep up one tent through June 1, 2024.

Most recently, on Feb. 27, JVP and SJP boycotted Northwestern’s new mandatory anti-discrimination training. The two groups described parts of the “fascist” training as “zionist propaganda” that “incite[s] violence” against Muslim, Arabs, and Palestinians on campus.

In reality, the training relies on unverified data from the Council on American-Islamic Relations that inflate Islamophobic attacks, giving the false impression that those attacks vastly outpace anti-Semitic hate crimes, the Free Beacon reported.

Northwestern touted that training as part of a March 31 progress report detailing steps it has taken to combat anti-Semitism. It also noted that “there has been a significant decrease in reports of discrimination or harassment based on antisemitism or shared Jewish ancestry at Northwestern compared with the same period last academic year.”

Yet on April 14, during Passover, anti-Semitic vandals at Northwestern used red paint to write “Death to Israel” and draw Hamas triangles on Kresge Centennial Hall, a campus building that houses the school’s Holocaust center, the Free Beacon reported.

The post Northwestern Tells JVP: Change Your Constitution or Risk Discipline Under New Anti-Discrimination Policy appeared first on .

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these flaws:

• CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability – In Brocade Fabric OS versions 9.1.0 to 9.1.1d6, although direct root access was officially removed, a local user with administrative privileges can still exploit a vulnerability to execute arbitrary code with full root privileges. This flaw effectively bypasses the intended security restrictions, allowing complete control over the system.
• CVE-2025-42599 is a Stack-Based Buffer Overflow Vulnerability in Qualitia Active! Mail. The flaw impacts Active! mail 6 BuildInfo: 6.60.05008561 and earlier. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
• CVE-2025-3928 Commvault Web Server Unspecified Vulnerability. Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

that Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities CVE-2025-1976 and CVE-2025-42599 by May 19, 2025. CISA orders federal agencies to fix the vulnerability CVE-2025-3928 by May 17, 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)