IBM said it will triple entry-level hiring in the US in 2026, even as AI appears to be weighing on broader demand for early-career workers. From a report: While the company declined to disclose specific hiring figures, it said the expansion will be "across the board," affecting a wide range of departments. "And yes, it's for all these jobs that we're being told AI can do," said Nickle LaMoreaux, IBM's chief human resources officer, speaking at a conference this week in New York. LaMoreaux said she overhauled entry-level job descriptions for software developers and other roles to make the case internally for the recruitment push. "The entry-level jobs that you had two to three years ago, AI can do most of them," she said at Charter's Leading With AI Summit. "So, if you're going to convince your business leaders that you need to make this investment, then you need to be able to show the real value these individuals can bring now. And that has to be through totally different jobs."

Read more of this story at Slashdot.

Keyfactor has partnered with IBM Consulting to enable organizations to accelerate adoption of post-quantum cryptography (PQC) before existing legacy encryption schemes might be cracked later this decade. Under the terms of the non-exclusive alliance, the cryptographic discovery, public key infrastructure (PKI), digital signage and certificate lifecycle automation tools and platforms provided by Keyfactor will be..

The post Keyfactor Allies with IBM Consulting to Spur PQC Adoption appeared first on Security Boulevard.

Virtualisation is a lot older than you might think, with (one of?) the first implementation(s) being IBM’s VM/CMS, the line of operating systems that would grow to include things like System/370, System/390, all the way up until IBM/Z, which is still being developed and sold today; only recently IBM released the IBM z17 and z/OS 3.2, after all.

The VM series of operating systems is designed exclusively for mainframes, and works by giving every user their own dedicated virtual machine running on top of the Control Program, the hypervisor. Inside this virtual machine the user can run a wide variety of operating systems, from the simple, single-user classics like IBM’s Conversational Monitor System, to more complex systems like Linux or AIX.

Early versions of VM were released as open source and are now in the public domain, and enthusiasts have continued to build upon it and expand it, with the latest incarnations being the VM/370 Community Edition releases. They contain the Control Program and Conversational Monitor System, augmented by various fixes, improvements, and other additions. You can run VM in an emulator like Hercules, and continue on from there – but what, exactly, can you do with it?

That’s where Fun things to do with your VM/370 machine comes in. This article will give you an introduction to the system, and a number of first and later steps you can take while exploring this probably alien environment. If you’ve always dreamt of using an early IBM mainframe, this is probably the easiest way to do so, because buying one is a really, really bad idea.

IBM has released security updates to address a critical IBM API Connect vulnerability that could allow remote attackers to bypass authentication controls and gain unauthorized access to affected applications. The flaw, tracked as CVE-2025-13915, carries a CVSS 3.1 score of 9.8, placing it among the most severe vulnerabilities disclosed in recent months. According to IBM, the IBM API Connect vulnerability impacts multiple versions of the platform and stems from an authentication bypass weakness that could be exploited remotely without any user interaction or prior privileges. Organizations running affected versions are being urged to apply fixes immediately to reduce exposure.

CVE-2025-13915: IBM API Connect Authentication Bypass Explained

The vulnerability has been classified under CWE-305: Authentication Bypass by Primary Weakness, indicating a failure in enforcing authentication checks under certain conditions. IBM said internal testing revealed that the flaw could allow an attacker to circumvent authentication mechanisms entirely. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) highlights the seriousness of the issue. The attack can be carried out over the network, requires low attack complexity, and does not depend on user interaction. If exploited, it could result in a complete compromise of confidentiality, integrity, and availability within the affected IBM API Connect environment. IBM warned that a successful attack could grant unauthorized access to API Connect applications, potentially exposing sensitive data and backend services managed through the platform.

Affected IBM API Connect Versions

The IBM API Connect vulnerability affects specific versions within the 10.x release series. IBM confirmed that the following product versions are impacted:

• IBM API Connect V10.0.8.0 through V10.0.8.5
• IBM API Connect V10.0.11.0

API Connect is widely deployed in enterprise environments to manage APIs, control developer access, and secure integrations between internal and external services. As a result, vulnerabilities in the platform can have cascading effects across connected systems.

IBM Releases Fixes for IBM API Connect Vulnerability

To remediate CVE-2025-13915, IBM has issued interim fixes (iFixes) for all affected versions and strongly recommends that customers upgrade without delay. For the 10.0.8.x branch, fixes have been released for each affected sub-version, including 10.0.8.1, 10.0.8.2 (iFix1 and iFix2), 10.0.8.3, 10.0.8.4, and 10.0.8.5. IBM has also provided an interim fix for IBM API Connect V10.0.11.0. IBM emphasized that upgrading to the remediated versions is the most effective way to eliminate the authentication bypass risk associated with this vulnerability.

Workarounds and Mitigations for Unpatched Systems

For organizations unable to apply the fixes immediately, IBM has outlined a temporary mitigation to reduce risk. Administrators are advised to disable self-service sign-up on the Developer Portal, if that feature is enabled. While this measure does not fully address the IBM API Connect authentication bypass vulnerability, IBM said it can help minimize exposure until patching is completed. The company cautioned that workarounds should only be used as a short-term solution.

Why the IBM API Connect Vulnerability Matters

Authentication bypass vulnerabilities are particularly dangerous because they undermine one of the most fundamental security controls in enterprise applications. In API-driven environments, such flaws can provide attackers with a direct path to sensitive services, data stores, and internal systems. The vulnerability was published in the National Vulnerability Database (NVD) on December 26, 2025, and last updated on December 31, 2025, with IBM listed as the CNA and source. Given the critical severity rating, security teams are expected to prioritize remediation and review API access logs for any signs of unauthorized activity. Organizations running affected versions of IBM API Connect are urged to assess their deployments immediately and apply the recommended fixes to prevent potential exploitation.

Some people not only have a very particular set of skills, but also a very particular set of interests that happen to align with those skills perfectly. When several unidentified and mysterious IBM PC ROM chips from the 1980s were discovered on eBay, two particular chips’ dumped contents posed particularly troublesome to identify.

In 1985, the FCh model byte could only mean the 5170 (PC/AT), and the even/odd byte interleaving does point at a 16-bit bus. But there are three known versions of the PC/AT BIOS released during the 5170 family’s lifetime, corresponding to the three AT motherboard types. This one here is clearly not one of them: its date stamps and part numbers don’t match, and the actual contents are substantially different besides.

My first thought was that this may have come from one of those more shadowy members of the 5170 family: perhaps the AT/370, the 3270 AT/G(X), or the rack-mounted 7532 Industrial AT. But known examples of those carry the same firmware sets as the plain old 5170, so their BIOS extensions (if any) came in the shape of extra adapter ROMs. Whatever this thing was – some other 5170-type machine, a prototype, or even just a custom patch – it seemed I’d have to inquire within for any further clues.

↫ VileR at the int10h.org blog

I’ll be honest and state that most of the in-depth analysis of the code dumped from the ROM chips is far too complex for me to follow, but that doesn’t make the story it tells any less interesting. There’s no definitive, 100% conclusive answer at the end, but the available evidence collected by VileR does make a very strong case for a very specific, mysterious variant of the IBM PC being the likely source of the ROMs.

If you’re interested in some very deep IBM lore, here’s your serving.