Explore

Rapid Read Rapid Read
NIST Updates NVD Operations to Prioritize Critical CVEs

NIST Updates NVD Operations to Prioritize Critical CVEs

The National Institute of Standards and Technology (NIST) has announced changes to its National Vulnerability Database (NVD) operations to better manage the influx of new Common Vulnerabilities and Exposures (CVEs). The update involves adopting a risk-based model for enriching CVE entries, focusing on those in the CISA Known Exploited Vulnerabilities (KEV) catalog and critical software used by federal agencies. This shift is driven by a significant increase in CVE submissions, which rose by 263% from 2020 to 2025. NIST aims to prioritize critical CVEs to manage the growing backlog and improve the efficiency of its operations.
Rapid Read Rapid Read
NIST Adjusts CVE Analysis Focus Amid Rising Vulnerability Submissions

NIST Adjusts CVE Analysis Focus Amid Rising Vulnerability Submissions

The National Institute of Standards and Technology (NIST) has announced a strategic shift in its approach to analyzing security vulnerabilities due to an overwhelming increase in submissions. The agency will now prioritize Common Vulnerabilities and Exposures (CVEs) that are listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog, as well as software used in federal government operations and critical software defined under Executive Order 14028. This decision comes as NIST aims to achieve long-term sustainability for its National Vulnerability Database (NVD), which has faced challenges such as a funding lapse in early 2024. The backlog of unenriched CVEs has continued to grow, with submissions increasing by 263% from 2020 to 2025. In the first quarter of 2026 alone, submissions were nearly one-third higher than the same period in the previous year.
Rapid Read Rapid Read
NIST Adjusts CVE Analysis Priorities Amid Rising Vulnerability Submissions

NIST Adjusts CVE Analysis Priorities Amid Rising Vulnerability Submissions

The National Institute of Standards and Technology (NIST) has announced a strategic shift in its approach to analyzing security vulnerabilities due to an overwhelming increase in submissions. The agency will now prioritize vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency's catalog, those used in federal government software, and critical software as defined by Executive Order 14028. This decision comes after a significant backlog of vulnerabilities accumulated following a funding lapse in 2024. NIST aims to focus on vulnerabilities with the greatest potential for widespread impact, while others will still be listed but not automatically enriched with additional details.
Rapid Read Rapid Read
CISA Warns of Exploited Windows Task Host Vulnerability Threatening U.S. Systems

CISA Warns of Exploited Windows Task Host Vulnerability Threatening U.S. Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to U.S. government agencies regarding a vulnerability in the Windows Task Host that could allow attackers to gain SYSTEM privileges. This vulnerability, identified as CVE-2025-60710, affects Windows 11 and Windows Server 2025 devices and was patched by Microsoft in November 2025. The flaw allows local attackers with basic user permissions to escalate their privileges through low-complexity attacks. CISA has added this vulnerability to its catalog of actively exploited vulnerabilities and has mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. Although the directive primarily applies to federal agencies, CISA has urged all organizations, including those in the private sector, to apply the necessary patches to protect their networks.
Rapid Read Rapid Read
ENISA Seeks Top-Tier Status in CVE Program to Enhance Cybersecurity Role

ENISA Seeks Top-Tier Status in CVE Program to Enhance Cybersecurity Role

The European Union's Cybersecurity Agency, ENISA, is working to strengthen its involvement with the US-funded Common Vulnerabilities and Exposures (CVE) program. Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, announced at VulnCon26 in Scottsdale, Arizona, that the agency is being onboarded by the US Cybersecurity and Infrastructure Security Agency (CISA) to become a top-level root CVE Numbering Authority (TL-Root CNA). This status would allow ENISA to manage the CVE Program alongside CISA and MITRE, setting global policies and ensuring consistency across all Root CNAs and CNAs. ENISA aims to achieve this status by 2026 or early 2027, expanding its operational leverage and influence in policy and administrative decision-making within the program.
Rapid Read Rapid Read
CISA Advocates for Greater AI Company Involvement in CVE Program Amid Rising Vulnerability Reports

CISA Advocates for Greater AI Company Involvement in CVE Program Amid Rising Vulnerability Reports

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is advocating for increased involvement of artificial intelligence (AI) companies in the Common Vulnerabilities and Exposures (CVE) program. Lindsey Cerkovnik, chief of the Vulnerability Response & Coordination Branch at CISA, emphasized the need for AI companies like OpenAI and Anthropic to play a larger role in software vulnerability disclosures. This call comes as the CVE program, managed by MITRE and sponsored by CISA, experiences a rapid increase in reported vulnerabilities. The introduction of new AI tools is expected to further accelerate this growth. Recently, Anthropic launched the Claude Mythos Preview, a large language model designed to autonomously identify and fix cybersecurity vulnerabilities. Similarly, OpenAI released GPT-5.4-Cyber, a version of its AI model fine-tuned for cybersecurity applications. These developments highlight the potential for AI to significantly impact the identification and management of software vulnerab...
Trendline Trendline
CISA Advocates for Greater AI Involvement in Vulnerability Disclosure Program

CISA Advocates for Greater AI Involvement in Vulnerability Disclosure Program

CISA Advocates for Greater AI Involvement in Vulnerability Disclosure Program
Rapid Read Rapid Read
ENISA Seeks Top-Level Role in U.S.-Funded CVE Program to Enhance Cybersecurity Coordination

ENISA Seeks Top-Level Role in U.S.-Funded CVE Program to Enhance Cybersecurity Coordination

The European Union's Cybersecurity Agency, ENISA, is working to strengthen its involvement in the U.S.-funded Common Vulnerabilities and Exposures (CVE) program. Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, announced at VulnCon26 in Scottsdale, Arizona, that the agency is being onboarded by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to become a top-level root CVE Numbering Authority (TL-Root CNA). This status would allow ENISA to manage the CVE Program alongside CISA and MITRE, setting global policies and ensuring consistency across all Root CNAs and CNAs. ENISA aims to achieve this status by 2026 or early 2027. The agency has been a CVE Numbering Authority since 2024 and a root CNA since 2025, overseeing and coordinating multiple CNAs within Europe.
Rapid Read Rapid Read
17-Year-Old Excel Vulnerability Exploited by Cyber Threat Actors

17-Year-Old Excel Vulnerability Exploited by Cyber Threat Actors

A 17-year-old vulnerability in Microsoft Excel is being actively exploited by cyber threat actors, according to a report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The exploit, which allows remote code execution via a crafted Excel document, was initially discovered in 2009 and has a severity score of 8.8. Despite being patched by Microsoft, the vulnerability has resurfaced, prompting CISA to demand a new patch within two weeks. Additionally, a new exploit involving Microsoft Office SharePoint has been identified, with a severity score of 6.5, highlighting ongoing cybersecurity challenges.
Rapid Read Rapid Read
Congress Faces Cybersecurity Challenges Amid AI Model Developments

Congress Faces Cybersecurity Challenges Amid AI Model Developments

Congress is grappling with the need to enhance the nation's cybersecurity infrastructure in response to new sophisticated AI models like Anthropic's Mythos. The model has been identified as a 'supply chain risk,' preventing its use at the Pentagon, following a decision by the D.C. Circuit Court of Appeals. Rep. Vince Fong (R-California), a member of the House Homeland Security Committee, highlights the increasing cyberattacks on California's shipping ports and the anticipated challenges during the upcoming Olympics. The Cybersecurity and Infrastructure Security Agency (CISA) has faced budget cuts, impacting its ability to address these threats effectively. The situation underscores the urgency for Congress to allocate resources to institutions like the Center for AI Standards and Innovation, which evaluates AI systems for potential risks.
Trendline Trendline
Industrial Giants Release New Security Advisories on ICS Patch Tuesday

Industrial Giants Release New Security Advisories on ICS Patch Tuesday

Industrial Giants Release New Security Advisories on ICS Patch Tuesday
Trendline Trendline
Adobe Addresses Critical Vulnerabilities Across Multiple Products to Enhance Security

Adobe Addresses Critical Vulnerabilities Across Multiple Products to Enhance Security

Adobe Addresses Critical Vulnerabilities Across Multiple Products to Enhance Security