The National Institute of Standards and Technology (NIST) has proposed ending some password requirements. The changes include barring periodic password changes, not requiring the use of specific characters, and stopping the use of security questions. All organisations interacting with the federal government are required to comply with the Digital Identity Guidelines. Critics have argued against password rules that do more harm than good for a while now. NIST is accepting inputs on the guidelines till 7 October.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is