Skip to content
The Nexus
DossierENTITY

CVE

Coverage of CVE in the Nexus archive.

Earliest in view: Apr 14 · 20:40 UTCMost recent: May 27 · 16:11 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 27 · 16:11 UTCDARK READING
    AI-Assisted Exploit Development Outpaces Scanner Detection

    Attackers are leveraging AI to significantly accelerate the creation of exploits for CVEs, as reported in new research. This advancement outpaces the ability of existing security scanners to detect these threats.

  • SECURITYMay 12 · 18:12 UTCHACKER NEWS
    CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq

    CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq, a software used for domain name management and other network services. The vulnerabilities pose significant risks to users, and the release of these CVEs aims to inform and protect them. The article discussing this issue has garnered comments and attention online.

  • SECURITYMay 8 · 21:23 UTCHACKER NEWS
    Non-determinism is an issue with patching CVEs

    The article discusses non-determinism as an issue with patching CVEs, highlighting the challenges of achieving rapid CVE remediation in an era of escalating vulnerabilities. The post is available on the flox.dev blog and has garnered comments on news.ycombinator.com. The topic has received 17 points and 5 comments.

  • SECURITYMay 7 · 17:45 UTCTHE HACKER NEWS
    PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

    Cybersecurity researchers have discovered a new credential theft framework called PCPJack that targets exposed cloud infrastructure and steals credentials from various services. The framework exploits five CVEs to spread worm-like across cloud systems. It harvests credentials and exfiltrates data through attacker-controlled infrastructure.

  • SECURITYMay 5 · 14:00 UTCBLEEPING COMPUTER
    The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.

    Critical vulnerabilities can exist in open source software that scanners don't check, creating blind spots in CVE feeds and SCA tools. HeroDevs offers a free end-of-life scan for projects. EOL software is a significant security risk.

  • SECURITYMay 5 · 14:00 UTCBLEEPING COMPUTER
    The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss

    Critical vulnerabilities exist in open source software that scanners don't check, creating blind spots in CVE feeds and SCA tools. HeroDevs offers a free end-of-life scan for projects. EOL software poses a significant security risk.

  • SECURITYApr 17 · 15:09 UTCHACKER NEWS
    NIST gives up enriching most CVEs

    NIST has decided to stop enriching most Common Vulnerabilities and Exposures (CVEs), shifting focus from detailed vulnerability descriptions to maintaining core identifiers. This change may impact how organizations track and prioritize security risks.

  • SECURITYApr 17 · 07:14 UTCTHE HACKER NEWS
    NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

    The National Institute of Standards and Technology (NIST) has adjusted its CVE enrichment process in the National Vulnerability Database (NVD) due to a 263% surge in vulnerability submissions. Only CVEs meeting specific criteria will now be enriched, while others will remain listed without additional details.

  • SECURITYApr 16 · 21:47 UTCDARK READING
    NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities

    The National Institute of Standards and Technology (NIST) has updated its CVE framework to prioritize high-impact vulnerabilities, shifting focus toward software flaws with the greatest potential for harm. This change aims to improve vulnerability remediation strategies by emphasizing critical risks.

  • TECHNOLOGYApr 15 · 21:33 UTCTHE REGISTER
    Anthropic's Project Glasswing CVE tally is still anyone's guess

    Anthropic's Project Glasswing involves over 50 companies testing its Mythos model for security vulnerabilities, but the exact number of discovered issues remains unclear. The initiative aims to identify security flaws in participants' products using the advanced LLM, though results are still uncertain.

  • SECURITYApr 14 · 20:40 UTCTHE REGISTER
    Microsoft's massive Patch Tuesday: It's raining bugs

    Microsoft released a major security update addressing 164 vulnerabilities, including a spoofing flaw in SharePoint Server exploited by attackers before the patch. A disclosed CVE highlights ongoing security risks despite the patch release.

CVE · Dossier · The Nexus