Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure […]
MITRE releases a shared fraud-cyber framework built from real attack data 2026-04-13 at 09:02 By Mirko Zorz Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible for stopping fraud, fraud investigators and cybersecurity analysts, have historically
MITRE releases a shared fraud-cyber framework built from real attack data Read More »
MITRE Releases Fight Fraud Framework 2026-04-10 at 14:45 By Ionut Arghire The document provides a behavior-based model of the tactics and techniques employed by fraudsters. The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
MITRE Releases Fight Fraud Framework Read More »
The case for fixing CWE weakness patterns instead of patching one bug at a time 2026-04-07 at 09:24 By Mirko Zorz In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings
The case for fixing CWE weakness patterns instead of patching one bug at a time Read More »
MITRE Launches New Security Framework for Embedded Systems 2026-01-21 at 14:15 By Eduard Kovacs The Embedded Systems Threat Matrix (ESTM) aims to help organizations protect critical embedded systems. The post MITRE Launches New Security Framework for Embedded Systems appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
MITRE Launches New Security Framework for Embedded Systems Read More »
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities 2025-12-12 at 14:04 By Ionut Arghire XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities Read More »
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations 2025-12-11 at 16:25 By Eduard Kovacs Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations Read More »
MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS 2025-10-29 at 15:47 By Eduard Kovacs MITRE has unveiled the latest version of ATT&CK, with the most significant changes in the defensive part of the framework. The post MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS appeared first on SecurityWeek. This article is
MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS Read More »
CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders
CISA looks to partners to shore up the future of the CVE Program Read More »
MITRE Updates List of Most Common Hardware Weaknesses 2025-08-22 at 10:52 By Ionut Arghire MITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges. The post MITRE Updates List of Most Common Hardware Weaknesses appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
MITRE Updates List of Most Common Hardware Weaknesses Read More »
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats 2025-07-15 at 10:19 By Ionut Arghire The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments. The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats Read More »
New MITRE framework takes aim at crypto threats 2025-07-14 at 21:51 By Industry News MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial ecosystems, including cryptocurrency platforms. Modeled after the MITRE ATT&CK framework, AADAPT offers developers, policymakers, and financial institutions a structured
New MITRE framework takes aim at crypto threats Read More »
Kanvas: Open-source incident response case management tool 2025-07-09 at 07:31 By Mirko Zorz Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different
Kanvas: Open-source incident response case management tool Read More »
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques 2025-06-09 at 07:32 By Help Net Security Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) detection coverage and quality, but plenty of room for improvement remains, according to CardinalOps. MITRE ATT&CK enhances SOC
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques Read More »
Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel 2025-05-19 at 07:04 By Help Net Security In this Help Net Security video, Adam Pennington, MITRE ATT&CK Lead, breaks down what’s new in the ATT&CK v17 release. He highlights the addition of the ESXi platform, new and updated techniques for Linux, refinements to mitigation guidance, and
Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel Read More »
European Vulnerability Database goes live, but who benefits? 2025-05-14 at 07:20 By Mirko Zorz The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), an initiative under the NIS2 Directive aimed at enhancing digital security across the EU. The database serves as a centralized repository offering aggregated and actionable information on
European Vulnerability Database goes live, but who benefits? Read More »
Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs 2025-04-23 at 16:13 By Zeljka Zorz MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK MITRE ATT&CK is a regularly
Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs Read More »
MITRE Hackers’ Backdoor Has Targeted Windows for Years 2025-04-17 at 12:02 By Ionut Arghire Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek. This article is an excerpt
MITRE Hackers’ Backdoor Has Targeted Windows for Years Read More »
MITRE CVE Program Gets Last-Hour Funding Reprieve 2025-04-16 at 19:36 By Ryan Naraine The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
MITRE CVE Program Gets Last-Hour Funding Reprieve Read More »
Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in
Funding uncertainty may spell the end of MITRE’s CVE program Read More »