Tag: cve
-
CVE Program Almost Unfunded
Mitre’s CVE’s program”, which provides common naming and other informational resources about cybersecurity vulnerabilities”, was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces…
-
CVE Program Stays Online as CISA Backs Temporary MITRE Extension
MITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of… First seen on hackread.com Jump to article: hackread.com/cve-program-online-cisa-temporary-mitre-extension/
-
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
-
Mitre CVE program regains funding as renewal deal reached
The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-extend-funding-cve/745531/
-
CVE, global source of cybersecurity info, was hours from being cut by DHS
Board members have launched a nonprofit to take over the program from MITRE. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/crucial-cve-flaw-tracking-database-narrowly-avoids-closure-to-dhs-cuts/
-
CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse
“The CVE Program is invaluable to the cyber community and a priority of CISA,” a CISA spokesperson said. “We appreciate our partners’ and stakeholders’ patience.” First seen on therecord.media Jump to article: therecord.media/cisa-extends-cve-program-contract-with-mitre
-
CVE program gets last-minute funding from CISA and maybe a new home
Uncertainty is the new certainty First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/cve_program_funding_save/
-
CISA Extends Support a Last Minute to CVE Program, Averting Global Cybersecurity Crisis
CISA announced an eleventh-hour contract extension with MITRE Corporation to maintain the Common Vulnerabilities and Exposures (CVE) program, narrowly avoiding a lapse in federal funding that threatened to destabilize vulnerability management worldwide. The move came just hours before the program’s expiration deadline on April 16, 2025, preserving a system that has served as the backbone…
-
CVE program averts swift end after CISA executes 11-month contract extension
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
Sicherheits-Desaster: Trump stoppt mit DOGE die MITRE-Finanzierung; CVE-Datenbank eingestellt? Update: Es geht doch weiter
Eine schlechte Nachricht für die Cybersicherheit. Die US-Administration unter Präsident Donald Trump hat über deren DOGE-Programm wohl die Finanzierung von MITRE gestoppt, so dass die von dieser Organisation gepflegte CVE-Datenbank, die über Sicherheitslücken informiert, eingestellt werden muss. Nachtrag: Es hat … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/16/sicherheits-desaster-trump-stoppt-mit-doge-die-mitre-finanzierung/
-
Cybersecurity Alarms Sound Over Loss of CVE Program Funding
Board Members Announce Launch of ‘CVE Foundation’ to Secure Program’s Future. Warnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain…
-
CISA reverses course, extends MITRE CVE contract
While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-reverses-course-extends-mitre-cve-contract/
-
MITRE Crisis: CVE Cash Ends TODAY, CISA says ‘No Lapse’
These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/mitre-cve-funding-crisis-richixbw/
-
CISA at the Last Minute Extends Funding for Crucial MITRE CVE Program
The Trump Administration is ending funding for MITRE’s crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government funding and oversight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/government-funding-for-cve-program-ends-but-a-new-group-emerges/
-
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product…
-
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622813/MITRE-warns-over-lapse-in-CVE-coverage
-
CISA extends funding to ensure ‘no lapse in critical CVE services’
CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
-
Cybersecurity Alarms Sound as CVE Program Funding Ceases
Board Members Announce Launch of ‘CVE Foundation’ to Secure Program’s Future. Warnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain…
-
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/16/funding-uncertainty-may-spell-the-end-of-mitres-cve-program/
-
American Sigh
A long, long time ago I can still remember How those CVEs would make me smile And I knew if I had my chance To patch a vuln or take a stance Maybe we’d be secure for a while But April ides made me shiver With each leaked memo and press release delivered Bad news……
-
Sicherheits-Desaster: Trump stoppt mit DOGE die MITRE-Finanzierung; CVE-Datenbank eingestellt
Eine schlechte Nachricht für die Cybersicherheit. Die US-Administration unter Präsident Donald Trump hat über deren DOGE-Programm wohl die Finanzierung von MITRE gestoppt, so dass die von dieser Organisation gepflegte CVE-Datenbank, die über Sicherheitslücken informiert, eingestellt werden muss. Ankündigung der MITRE … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/16/sicherheits-desaster-trump-stoppt-mit-doge-die-mitre-finanzierung/
-
CVE-Finanzierung unklar: Datenbank für kritische Sicherheitslücken gefährdet
Tags: cveFür die Fortsetzung des CVE-Programms, der internationalen Datenbank für Sicherheitslücken, stehen keine finanziellen Mittel mehr zur Verfügung. First seen on golem.de Jump to article: www.golem.de/news/cve-finanzierung-unklar-datenbank-fuer-kritische-sicherheitsluecken-gefaehrdet-2504-195410.html
-
Chaos Reigns as MITRE Set to Cease CVE and CWE Operations
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chaos-reigns-mitre-cease-cve-cwe/
-
Cybersicherheit – USA stellen Finanzierung des CVE-Programms ein
Heute endet die zwischen der US-Regierung und MITRE geschlossene Finanzierung des CVE-Programms, was deutliche Auswirkungen haben könnte. First seen on computerbase.de Jump to article: www.computerbase.de/news/wirtschaft/cybersicherheit-usa-stellen-finanzierung-des-cve-programms-ein.92215
-
U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem.The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard…
-
MITRE warns that funding for critical CVE program expires today
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mitre-warns-that-funding-for-critical-cve-program-expires-today/
-
MITRE Ends CVE Program Support Leaked Internal Memo Confirms Departure
A leaked internal memo dated April 15, 2025, has sent shockwaves through the cybersecurity community, revealing that MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program is set to expire today, April 16, 2025. The letter, reportedly obtained from a reliable source and addressed to CVE Board Members, is signed by Yosry Barsoum,…
-
MITRE CVE Program Funding Set To Expire
Tags: cve, cvss, cybersecurity, data, github, identity, intelligence, mitre, monitoring, nist, technology, update, vulnerability, vulnerability-managementMITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
-
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-managementMITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.Although…