Fosstodon @fosstodon

271 posts202 participants7 posts today

**todb** @todb@infosec.exchange · 20m

#CVE Foundation just dropped a FAQ.

https://www.thecvefoundation.org/frequently-asked-questions

Also, just FYI, I’ve been helping with the Foundation setup and goals articulation and logistics for the last few weeks. I didn’t expect we’d pull the trigger on being public this week, precisely, but here we are!

I’m not employed there or anything (I work at @runZeroInc) but since I care about CVE, I want to do what I can to make sure it thrives and we don’t wind up back again with 15 competing standards for #vulnerability tracking if USG funding goes poof! one day (or other single-source-funding style disasters).

Anyway, back to my ill-timed family vacation. I’ll be more online next week. :)

www.thecvefoundation.orgCVE Foundation - Frequently Asked QuestionsWhat do you believe? We believe that CVEs are the cornerstone of cybersecurity defense. Without a common language to communicate about vulnerabilities, chaos follows. This is why the CVE Program was created 25 years ago and it is even more true today. We believe in a free, publicly available

**Arie van Deursen** @avandeursen@mastodon.acm.org · 1h *

1h *

Arie van Deursen @avandeursen@mastodon.acm.org

As part of the 2022 EU NIS2 directive, the EU agency for cybersecurity (ENISA) has been setting up the EU Vulnerability Database (EUVD) at https://euvd.enisa.europa.eu/ (now in beta).

Started as a collaboration with MITRE's authoritative CVE database, EUVD may now end up replacing it, as US funding for the CVE database has stopped.

euvd.enisa.europa.euVulnerability DatabaseWeb site created using create-react-app

#enisa #euvd #cve

**Björn Winkler** @coke4all@mastodon.social · 2h

Björn Winkler @coke4all@mastodon.social

in letzter Sekunde gerettet: US-Cybersicherheitsbehörde CISA hat den Betrieb der CVE-Datenbank (Liste aller gemeldeten IT-Sicherheitslücken) für die nächsten 11 Monate sichergestellt; Alternativen von EU und Luxemburg ...

#cve #itsecurity #dpsvd33uus25

https://www.heise.de/news/Nach-drohendem-CVE-Aus-Schwachstellendatenbank-der-EU-geht-an-den-Start-10354324.html#google_vignette

heise online · 1dCVE-Aus abgewendet, Schwachstellendatenbank der EU geht an den Start

More from

Dr. Christopher Kunz

**FrankieTNG** @Frankietng@norden.social · 4h *

4h *

FrankieTNG @Frankietng@norden.social

#Mitre #cybersecurity #Trump Das Ende für #CVE ...

Hier ist die Übersetzung des Schreibens ins Deutsche:

MITRE – LÖSUNGEN FÜR EINE SICHERERE WELT

April 2025

Sehr geehrtes CVE-Vorstandsmitglied,

wir möchten Sie auf ein potenziell wichtiges Problem im Zusammenhang mit MITREs fortlaufender Unterstützung für CVE aufmerksam machen.

Am Mittwoch, dem 16. April 2025, läuft der aktuelle Vertragspfad aus, über den MITRE CVE sowie mehrere andere verwandte Programme, wie CWE, entwickelt, betrieben und modernisiert. Die Regierung bemüht sich weiterhin intensiv darum, MITREs Rolle zur Unterstützung des Programms fortzuführen.

Sollte es zu einer Unterbrechung des Dienstes kommen, erwarten wir mehrere Auswirkungen auf CVE, darunter eine Verschlechterung nationaler Schwachstellendatenbanken und -hinweise, Beeinträchtigungen für Tool-Anbieter, Maßnahmen zur Reaktion auf Vorfälle sowie alle Arten kritischer Infrastrukturen.

MITRE bleibt der Rolle von CVE als globale Ressource verpflichtet. Wir danken Ihnen als Mitglied des CVE-Vorstands für Ihre fortgesetzte Zusammenarbeit.

Mit freundlichen Grüßen

(Unterschrift)

Yosry Barsoum
Vizepräsident und Direktor
Center for Securing the Homeland (CSH)

7515 Colshire Drive ■ McLean, VA 22102-7539 ■ (703) 983-6000

Wenn du eine formellere oder lockerere Version brauchst, sag einfach Bescheid!

**ZeroDaily** @zerodaily@mastodon.social · 5h

ZeroDaily @zerodaily@mastodon.social

Windows NTLM flaw (CVE-2025-24054) is under active exploitation! Learn how this critical vulnerability impacts your security and what you can do to stay safe.

#CyberSecurity #InfoSec #ThreatIntel #Vulnerability #WindowsSecurity #CVE #ZeroDay #SecurityNews

Learn more: https://zerodaily.me/blog/2025-04-18-windows-ntlm-cve-2025-24054-under-active-exploitation

ZeroDaily - Cybersecurity News · 14hWindows NTLM Hash Leak CVE-2025-24054 Under Active Exploitation: Patch Now to Prevent Credential TheftA critical Windows vulnerability (CVE-2025-24054) is under active exploitation, allowing attackers to leak NTLM hashes and compromise credentials via phishing and malicious .library-ms files. Immediate patching is strongly recommended.

**PrivacyDigest** @PrivacyDigest@mas.to · 7h

PrivacyDigest @PrivacyDigest@mas.to

'Stupid and Dangerous': #CISA Funding Chaos Threatens Essential #Cybersecurity Program

The #CVE Program is the primary way software #vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

https://www.wired.com/story/cve-program-cisa-funding-chaos/

WIRED · 1d‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity ProgramBy Lily Hay Newman

**Pyrzout** @jos1264@social.skynetcloud.site · 12h

12h

Pyrzout @jos1264@social.skynetcloud.site

Moving CVEs past one-nation control – Source: news.sophos.com https://ciso2ciso.com/moving-cves-past-one-nation-control-source-news-sophos-com/ #rssfeedpostgeneratorecho #SecurityOperations #CyberSecurityNews #ThreatResearch #nakedsecurity #nakedsecurity #FEATURED #featured #MITRE #CVE

CISO2CISO.COM & CYBER SECURITY GROUP · 12hMoving CVEs past one-nation control – Source: news.sophos.comSource: news.sophos.com - Author: Chester Wisniewski Sometimes you don’t know how much you will miss something until you (almost) lose it. That is certa

**Steele Fortress** @steelefortress@infosec.exchange · 21h

21h

Steele Fortress @steelefortress@infosec.exchange

The US government has decided to continue funding the Common Vulnerabilities and Exposures (CVE) program, crucial for tracking cybersecurity weaknesses. This move by CISA aims to enhance national security. How do you think this will impact vulnerability management? #cybersecurity #CVE

Read more: https://short.steelefortress.com/m8clej

Continued thread

**Matt "msw" Wilson** @msw@mstdn.social · 22h

22h

Matt "msw" Wilson @msw@mstdn.social

I frequently grump about what the #CVE system has become in practice. Folks may think that I’m not a proponent of the program. That’s not true at all. I’m an advocate for it, and for all those who pour their time and talent into it (often voluntarily).

But, IMO it is an overstatement to say that a CVE is a critical element in coordinating response to emerging vulnerabilities like heartbleed or log4shell. Embargoed critical vulns are rarely identified with CVEs among defenders.

#InfoSec #CVD

**ComputerBase** @ComputerBase@mastodon.social · 22h

22h

ComputerBase @ComputerBase@mastodon.social

Cybersicherheit: USA stellen Finanzierung des CVE-Programms ein (Update) https://www.computerbase.de/news/wirtschaft/cybersicherheit-usa-stellen-finanzierung-des-cve-programms-ein.92215/#update-2025-04-17T17:41 #cve #cybersicherheit

ComputerBase · 2dCybersicherheit: USA stellen Finanzierung des CVE-Programms einBy Michael Schäfer

Replied in thread

**Michal** @michal@vltava.cloud · 22h *

22h *

Michal @michal@vltava.cloud

@myfear
#cve
Who is owner of domain thecvefoundation.org?

**Marcus "MajorLinux" Summers** @majorlinux@toot.majorshouse.com · 22h

22h

Marcus "MajorLinux" Summers @majorlinux@toot.majorshouse.com

Saved at the final hour!

Security Database Used by Apple Goes Independent After Funding Cut [Updated]

https://www.macrumors.com/2025/04/16/security-database-used-apple-goes-independent/

#Security #Apple #CVE

**The New Oil** @thenewoil@mastodon.thenewoil.org · 23h

23h

The New Oil @thenewoil@mastodon.thenewoil.org

#CISA extends funding to ensure 'no lapse in critical #CVE services'

https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/

#cybersecurity #politics

**John Leonard** @johnleonard@mastodon.social · 23h

23h

John Leonard @johnleonard@mastodon.social

The US Cybersecurity and Infrastructure Security Agency (CISA) has moved to secure continued operations of the Common Vulnerabilities and Exposures (CVE) programme by extending its contract with MITRE, preventing a potentially disruptive lapse in critical cybersecurity services.

https://www.computing.co.uk/news/2025/security/cisa-extends-mitre-s-bug-tracking-funding-for-now

www.computing.co.ukCISA extends MITRE's CVE bug tracking funding – for nowRelents at the last moment to avert disruption to critical cybersecurity infrastructure

#mitre #cisa #infosec

**#cryptohagen** @cryptohagen@social.data.coop · 23h *

23h *

#cryptohagen @cryptohagen@social.data.coop

CISA extends MITRE-backed #CVE contract hours before its lapse

The Cybersecurity and Infrastructure Security Agency extended its contract for the MITRE-backed Common Vulnerabilities and Exposures Program late Tuesday night
https://www.nextgov.com/cybersecurity/2025/04/cisa-extends-mitre-backed-cve-contract-hours-its-lapse/404601/?oref=ng-homepage-river

Nextgov.comCISA extends MITRE-backed CVE contract hours before its lapse“Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services,” an agency spokesperson said.

**boB Rudis** @hrbrmstr@mastodon.social · 23h

23h

boB Rudis @hrbrmstr@mastodon.social

We're taking a first step to mitigate future damage from the irreparably broken, and IRL harmful legacy #CVE system by adding EUVD (https://euvd.enisa.europa.eu/) references to all formerly CVE-based tags.

I hope ENISA becomes a GCVE (https://gcve.eu/) CNA, soon, and starts to transition to a more stable vulnerability reference system/standard, free from U.S. government ineptness and vendor biases.

Gonna try to get all the EUVD URL refs added while y'all are boozing it up at RSA next week.

euvd.enisa.europa.euVulnerability DatabaseWeb site created using create-react-app