These are public posts tagged with #vulnerabilities. You can interact with them if you have an account anywhere in the fediverse.
Seven new GNAs have been registered on GCVE.EU!
We're glad to see the community grow and are open to new GNA applications.
JSON https://gcve.eu/dist/gcve.json
Why and How to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id
Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!
It includes the following and much more:
Two top officials from #CISA resigned;
U.S. Defense Secretary Pete Hegseth caught in another information leak;
Yearly Threat Intelligence Reports Released;
U.S. lost record $16.6 billion to #cybercrime in 2024;
5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;
VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;
FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025
A Python client for the Global CVE Allocation System has been released.
by @cedric
Threat Actors Don’t Care About Your Compliance Score
https://youtu.be/mYsSUR6z6BA #cybersecurity #GRC #audits #documentation #threatactors #vulnerabilities #threathunting #riskmanagent #compliance #NIST #CMMC
The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File
More information about BCP https://gcve.eu/bcp/
GCVE-BCP-01 https://gcve.eu/bcp/gcve-bcp-01/
This story about Blue Shield CA reminds me of this report that @mttaggart shared.
Misconfigured junk is WAAAY more of a problem than zero days and the “new hotness” #vulnerabilities.
While digging into some #Fortinet vulnerabilities, I discovered a set of CVEs that were rejected for being unused.
I'm wondering how this is actually helping vulnerability management. Does this mean those will never be used? Or something else?
Fresh Windows NTLM Vulnerability Exploited in Attacks – Source: www.securityweek.com https://ciso2ciso.com/fresh-windows-ntlm-vulnerability-exploited-in-attacks-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #vulnerabilities #securityweekcom #securityweek #Exploited #FEATURED #Windows #NTLM
'Stupid and Dangerous': #CISA Funding Chaos Threatens Essential #Cybersecurity Program
The #CVE Program is the primary way software #vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.
Yay! Had a blast at #NodeCongress talking about threat models, #vulnerabilities, and #Nodejs weirdness
Full talk here
https://gitnation.com/contents/what-is-a-vulnerability-and-whats-not-making-sense-of-nodejs-and-express-threat-models
@owasp calls for a new #federated system for tracking and reporting on #vulnerabilities.
https://owasp.org/blog/2025/04/17/owasp-global-vulnerability-intelligence.html
Please make sure to update your devices!
Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities
https://www.macrumors.com/2025/04/16/ios-18-4-1-security-fixes/
#Apple #iOS #macOS #Sequoia #Exploits #Vulnerabilities #Security #InfoSec #Tech
MITRE’s CVE program faced abrupt shutdown after DHS contract expired, but CISA stepped in with an 11-month extension to maintain continuity in vulnerability tracking.
After the threatened end of the #CVE list, the EU is launching its own vulnerability database, #EUVD.
According to the NIS2 Directive, the platform run by the EU cybersecurity agency #ENISA is meant to improve IT security in Europe.
In parallel, initiatives are working on decentralized and independent solutions. A possible contract extension by the US agency #CISA could secure the service for the time being.
#Cybersecurity #Sicherheitslücken #ITSecurity #Vulnerabilities #CVEFoundation
CVE Program Almost Unfunded
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to… https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
#nationalsecuritypolicy #vulnerabilities #Uncategorized #cybersecurity #DHS
MITRE CVE Contract Extended Just Before Expiration https://thecyberexpress.com/mitre-cve-contract-extended-before-expiration/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #MITRE #CISA #CVE #NVD
The backbone of vulnerability tracking may be about to snap.
MITRE’s federal contract for managing the CVE program expires April 16 — with no confirmed renewal.
Without it, we risk:
A breakdown in standardized vulnerability tracking
Global coordination gaps
Increased exposure to unpatched threats
Cybersecurity doesn’t work without CVE. Leadership must step up before this vital resource goes dark.
#CyberSecurity #CVE #RiskManagement #Vulnerabilities #Leadership
https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding
I posted the above because I find it insane that many major companies are requesting their employees to use such dangerous products as Microsoft offerings, especially 365 and even more so with Copilot.
Outside of jobs, but for some productions and personal projects, I have in the past only used AmigaOS, IRIX, SunOS, Oracle Solaris, various versions of macOS (Classic & Darwin), and a few Linux distributions such as Red Hat with KDE or GNOME. Microsoft has always been a no-go for me, and this company does everything to remain away from me forever.
#Copilot #microsoft #vulnerabilities #privacy #GDPR #CrapOS #OperatingSystems #OS #software #Clouds
PHP Core Security Audit Results
For the 4 notable CVEs, one is not published.
CVE-2024-8928: Memory-related vulnerability in PHP’s filter handling, leading to segmentation faults.
#php #vulnerability #vulnerabilities
https://vulnerability.circl.lu/bundle/9bbd91e2-309f-4b35-9b31-fc613b3101d9