Tag: nist
-
NIST will test three major tech firms’ frontier AI models for cybersecurity risks
After Anthropic’s announcement of Claude Mythos, agencies across the government are racing to get ahead of new AI models’ potential dangers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-ai-model-testing-caisi-google-microsoft/819452/
-
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Tags: ai, breach, credentials, cve, exploit, flaw, github, injection, nist, rce, remote-code-execution, sql, vulnerabilityInadequate JSON parsing allowed RCE on the MariaDB server: In MariaDB, a buffer overflow bug, tracked as CVE-2026-32710, was found in the JSON_SCHEMA_VALID() function using Xint Code. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution.Compared to the PostgreSQL flaws, exploitation here is…
-
Cyberresilienz: Ausfallzeiten nach Sicherheitsverstoß minimieren
Ausfallzeiten sind der entscheidende Schadenstreiber nicht nur der Angriff selbst, sondern die Dauer der Wiederherstellung bestimmt die Gesamtkosten. Prävention genügt nicht mehr Unternehmen müssen gleichermaßen in Erkennung, Reaktion und Wiederherstellung investieren. NIST CSF 2.0 bietet ein klares Resilienz”‘Framework Govern, Identify, Protect, Detect, Respond, Recover strukturieren Risiken und Prioritäten. Detect, Respond und Recover… First seen on…
-
Cyberresilienz:Ausfallzeiten nach Sicherheitsverstoß minimieren
Ausfallzeiten sind der entscheidende Schadenstreiber nicht nur der Angriff selbst, sondern die Dauer der Wiederherstellung bestimmt die Gesamtkosten. Prävention genügt nicht mehr Unternehmen müssen gleichermaßen in Erkennung, Reaktion und Wiederherstellung investieren. NIST CSF 2.0 bietet ein klares Resilienz”‘Framework Govern, Identify, Protect, Detect, Respond, Recover strukturieren Risiken und Prioritäten. Detect, Respond und Recover… First seen on…
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-managementDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…
-
NIST Cybersecurity Framework for UK SMEs: A Practical Guide to Identify, Protect, Detect, Respond, and Recover
NIST Cybersecurity Framework for UK SMEs: A Practical Guide to Identify, Protect, Detect, Respond, and Recover The NIST Cybersecurity Framework is a useful way to organise cybersecurity work around business risk. For UK SMEs, that matters because most teams do not have the time or budget to do everything at once. A framework gives you……
-
NIST Cybersecurity Framework for UK SMEs: A Practical Guide to Identify, Protect, Detect, Respond, and Recover
NIST Cybersecurity Framework for UK SMEs: A Practical Guide to Identify, Protect, Detect, Respond, and Recover The NIST Cybersecurity Framework is a useful way to organise cybersecurity work around business risk. For UK SMEs, that matters because most teams do not have the time or budget to do everything at once. A framework gives you……
-
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates FireTail Blog
Apr 28, 2026 – Timo Rüppell – Most security teams have accepted a hard truth in recent months. AI has already arrived in your organization. It resides in your codebase, runs in your cloud infrastructure, and is likely open in a nearby browser tab right now.The question is no longer whether to let AI in.…
-
Änderungen an der NVD – NIST reagiert auf Schwachstellen-Flut
First seen on security-insider.de Jump to article: www.security-insider.de/nist-priorisiert-cves-nvd-risikobasiertes-modell-a-b62bfc43745006c9f34e3a70de0332f2/
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, trainingThe 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-dayNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
AI Security Questionnaires: Why Most Startups Fail (And the Trust Stack That Fixes It)
AI Security Questionnaires: Why Most Startups Fail (And the Trust Stack That Fixes It) It’s Monday. Your enterprise prospect just sent a 312-question security questionnaire. Forty of those questions are about AI, model bias, training data lineage, ISO 42001, NIST AI RMF. Your Series B closes in six weeks. You don’t have answers. You’re…The post…
-
NIST Scales Back Vulnerability Scoring in 2026 as CVE Volume Surges
NIST is scaling back NVD enrichment as CVE volumes surge, shifting more risk prioritization to organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nist-scales-back-vulnerability-scoring-in-2026-as-cve-volume-surges/
-
NIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020
According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) submissions between 2020 and 2025, NIST is shifting from a comprehensive analysis approach to a targeted,…
-
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nist-to-stop-rating-non-priority-flaws-due-to-volume-increase/
-
Surging CVE disclosures force NIST to shake up workflows
NIST announces big changes to the way it categorises and manages CVEs, set to have a big impact on how organisations manage patching and remediation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641916/Surging-CVE-disclosures-force-NIST-to-shake-up-workflows
-
How NIST’s Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST’s decision to cut back on CVE data enrichment. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nist-cutbacks-nvd-handling-impacts-cyber-teams
-
NIST, Overrun by Massive Numbers of Submitted CVEs, Limits Analysis Work
NIST said it overwhelmed by the surge in the number of CVEs submissions in recent years, so it is paring back the analysis work it does on the dangerous security flaws. Security experts say the number of new vulnerabilities detected will only grow during the AI era and that the private sector will need to…
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities
-
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions.”CVEs that do not meet those criteria will still be listed…
-
NIST limits vulnerability analysis as CVE backlog swells
The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-vulnerability-analysis-criteria-nvd-cve/817683/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
NIST to limit work on CVE entries as submissions surge
NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold, changing a longstanding mission to categorize every CVE, which stands for cybersecurity vulnerabilities and exposures. First seen on therecord.media Jump to article: therecord.media/nist-to-limit-work-on-cve-entries-surge
-
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. First seen on cyberscoop.com Jump to article: cyberscoop.com/nist-narrows-cve-analysis-nvd/
-
NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes >>enrichment<< of only the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/nist-national-vulnerability-database-nvd-enrichment/
-
How AI is transforming threat detection
Tags: ai, attack, automation, best-practice, business, ceo, cisa, cve, cyber, data, detection, email, endpoint, framework, google, governance, group, incident response, intelligence, international, jobs, kev, malware, network, nist, organized, phishing, risk, skills, soc, switch, technology, threat, toolReducing alert fatigue: In alert triage, AI agents are reducing alert fatigue by clustering alert patterns and enabling risk-based prioritization, adds Dipto Chakravarty, chief product and technology officer at Black Duck.For example, natural language processing agents can summarize threat alerts at scale and correlate them with threat intel feeds such as CVE.org and the CISA KEV Catalog,…
-
LLM-generated passwords are indefensible. Your codebase may already prove it
Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
-
The tabletop exercise grows up
would do. They do not do it.Every experienced facilitator knows the moment: someone in the room challenges the premise and the facilitator asks participants to “suspend disbelief.” That phrase should give us pause. If the scenario requires suspension of disbelief, it is not building preparedness. It is building familiarity with a document.The gap between documentation…
-
Lattice-based Cryptographic Integration for MCP Transport Layers
Learn how to implement lattice-based PQC for MCP transport layers. Protect AI infrastructure from quantum threats with NIST ML-KEM and ML-DSA standards. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/lattice-based-cryptographic-integration-for-mcp-transport-layers/