BrianFagioli writes: Google has quietly retired the ZetaSQL name and rebranded its open source SQL analysis and parsing project as GoogleSQL. This is not a technical change but a naming cleanup meant to align the open source code with the SQL dialect already used across Google products like BigQuery and Spanner. Internally, Google has long called the dialect GoogleSQL, even while the open source project lived under a different name. By unifying everything under GoogleSQL, Google says it wants to reduce confusion and make it clearer that the same SQL foundation is shared across its cloud services and open source tooling. The code, features, and team remain unchanged. Only the name is different. GoogleSQL is now the single label Google wants developers to recognize and use going forward.

Read more of this story at Slashdot.

Nearly half of the databases that public health officials at the Centers for Disease Control and Prevention were updating on a monthly basis have been frozen without notice or explanation, according to a study published in the Annals of Internal Medicine.

The study—led by Janet Freilich, a law expert at Boston University, and Jeremy Jacobs, a medical professor at Vanderbilt University—examined the status of all CDC databases, finding a total of 82 that had, as of early 2025, been receiving updates at least monthly. But, of those 82, only 44 were still being regularly updated as of October 2025, with 38 (46 percent) having their updates paused without public notice or explanation.

Examining the databases' content, it appeared that vaccination data was most affected by the stealth data freezes. Of the 38 outdated databases, 33 (87 percent) included data related to vaccination. In contrast, none of the 44 still-updated databases relate to vaccination. Other frozen databases included data on infectious disease burden, such as data on hospitalizations from respiratory syncytial virus (RSV).

Read full article

Comments

© Getty | Jim Watson

Europe’s long-running conversation about digital autonomy quietly crossed a milestone with the launch of a new public vulnerability platform. The EU Vulnerability Database, created under the GCVE initiative, is now live. This signals a deliberate shift in how software weaknesses are identified, cataloged, and shared across Europe.   The GCVE project, short for Global Cybersecurity Vulnerability Enumeration, has delivered a free, publicly accessible platform at db.gcve.eu. The primary objective of the platform is to reduce reliance on U.S.-centric vulnerability infrastructure and enhance Europe’s digital sovereignty.  

Why GCVE Emerged When It Did 

The immediate catalyst was a brief but impactful scare surrounding the possible discontinuation of the Common Vulnerabilities and Exposures (CVE) program in 2025. Even though the CVE system has long been treated as a foundational layer of global cybersecurity, the mere risk of interruption exposed how fragile that assumption really was.   Across Europe, the incident prompted vendors, researchers, and policymakers to ask an uncomfortable question: what happens if the numbering system everyone depends on suddenly becomes unavailable or constrained?  GCVE formed in response, not as a rejection of CVE, but as a hedge against single-point dependency. The EU vulnerability database is the practical outcome of that realization, offering an alternative that is structurally decentralized rather than centrally approved. 

A Decentralized Model by Design 

Unlike traditional models, where vulnerability identifiers are assigned through a central authority, GCVE operates using a Global Numbering Authority (GNA) framework. This allows participating organizations to assign and publish vulnerability identifiers autonomously. There is no waiting period for central approval and no bottleneck that can stall disclosure during critical response windows.  The platform aggregates data from more than 25 distinct sources, including public vulnerability directories and GNA contributors. All incoming data is normalized, structured, and indexed, so it can be searched consistently across ecosystems. In practical terms, this means a vulnerability disclosed through GitHub Security Advisories, a national CERT, or another recognized directory can coexist in a single EU vulnerability database without losing context or traceability. 

What the Database Actually Shows 

The Cyber Express team analyzed the platform and found that the GCVE dashboard reveals how broad that aggregation already is. Recent activity lists vulnerabilities from multiple origins, including GitHub advisories such as GHSA-QHWV-3XRQ-PJMJ, GHSA-M2W5-7XHV-W6FH, GHSA-X439-WRMP-CJ57, and dozens more. Alongside them appear traditional identifiers like CVE-2025-14559, CVE-2026-1035, and CVE-2026-24026 through CVE-2026-24020, pulled from cvelistv5 sources.  [caption id="attachment_108825" align="alignnone" width="742"] EU vulnerability database dashboard (Source: GCVE)[/caption] The dashboard tracks more than identifiers. Weekly observations, comments, bundles, known exploited vulnerabilities (KEV), sightings, and even “ghost CVEs” are surfaced to show how issues evolve after disclosure. A rolling, month-long evolution view highlights how frequently vulnerabilities are seen, confirmed, exploited, or accompanied by proof-of-concept code.  Concrete examples illustrate the breadth of historical and current coverage. Widely known issues like CVE-2021-44228 (Log4Shell), CVE-2019-19781, CVE-2018-13379, and CVE-2017-17215 appear alongside recent entries such as CVE-2025-14847, CVE-2025-55182, CVE-2025-68613, and CVE-2025-59374. Older vulnerabilities, CVE-2015-2051 or CVE-2017-18368, sit next to newly published 2026 identifiers, reinforcing that the EU vulnerability database is designed for continuity, not just novelty. 

Integration Over Isolation 

GCVE’s architects appear keenly aware that a database alone does not change behavior. To that end, the platform exposes an open API intended for direct integration into compliance tooling, risk management platforms, and security operations workflows. This matters for Europe’s computer security incident response teams, software vendors, researchers, and open-source maintainers, who often juggle multiple data feeds just to maintain situational awareness.  By consolidating vulnerability intelligence without enforcing a single authority, GCVE positions itself as connective tissue rather than a replacement organ. The model assumes coexistence with existing systems while ensuring Europe retains the ability to operate independently if needed.