@owasp calls for a new #federated system for tracking and reporting on #vulnerabilities.
https://owasp.org/blog/2025/04/17/owasp-global-vulnerability-intelligence.html
Please make sure to update your devices!
Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities
https://www.macrumors.com/2025/04/16/ios-18-4-1-security-fixes/
The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate #security #vulnerabilities in #MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors. https://github.com/harishsg993010/damn-vulnerable-MCP-server
MITRE’s CVE program faced abrupt shutdown after DHS contract expired, but CISA stepped in with an 11-month extension to maintain continuity in vulnerability tracking.
After the threatened end of the #CVE list, the EU is launching its own vulnerability database, #EUVD.
According to the NIS2 directive, the platform of the EU #cybersecurity agency #ENISA is intended to provide more IT security in Europe.
In parallel, initiatives are working on decentralized and independent solutions. A possible contract extension by the US agency #CISA could secure the service for the time being.
CVE Program Almost Unfunded
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to ... https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
MITRE CVE Contract Extended Just Before Expiration https://thecyberexpress.com/mitre-cve-contract-extended-before-expiration/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #MITRE #CISA #CVE #NVD
Just found out that #CVE is basically on life support right now...
What the hell?
https://www.youtube.com/watch?v=itbsfeqrRY4
https://x.com/0xTib3rius/status/1912415702574579717
Apparently, 4chan got hacked. Not going to look into that (mainly because I would like to remain sane) but I can hazard a guess that there will be a small fight because of it.
Pulling the plug on the database would cause "an immediate cascading effect that will impact vulnerability management on a global scale"
#Cybersecurity #Funding #Software #Vulnerabilities #TechNews
Nonprofit That Tracks Software...
The U.S. Government funding to MITRE, which maintains CVE data, will stop today. New vulnerabilities will no longer be added to the glossary, posing a risk to national security.
Read the full report: https://www.technadu.com/mitre-funding-by-the-u-s-government-to-stop-today-security-teams-left-alarmed/586183/
The backbone of vulnerability tracking may be about to snap.
MITRE’s federal contract for managing the CVE program expires April 16 — with no confirmed renewal.
Without it, we risk:
- A breakdown in standardized vulnerability tracking
- Global coordination gaps
- Increased exposure to unpatched threats
Cybersecurity doesn’t work without CVE. Leadership must step up before this vital resource goes dark.
#CyberSecurity #CVE #RiskManagement #Vulnerabilities #Leadership
https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding
PHP Core Security Audit Results
For the 4 notable CVEs, one is not published.
CVE-2024-8928: Memory-related vulnerability in PHP’s filter handling, leading to segmentation faults.
#php #vulnerability #vulnerabilities
https://vulnerability.circl.lu/bundle/9bbd91e2-309f-4b35-9b31-fc613b3101d9
AI Vulnerability Finding
Microsoft is reporting that its AI systems are able to find ... https://www.schneier.com/blog/archives/2025/04/ai-vulnerability-finding.html
NEW -
DCG Domain Blocklist available - last updated 2025/04/08
1689244 - Domains blocked with that build!
Supercharging your content blocker to increase privacy and security.
All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards
Ready to use lists combined from many permissively licensed sources.
https://divested.dev/pages/dnsbl
#divested #DivestedComputingGroup
#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind
WhatsApp Vulnerability Could Facilitate Remote Code Execution https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/ #Vulnerabilities #vulnerability #WhatsApp #Meta #MIME
NEW -
DCG real-ucode
Actually provides the latest CPU microcode for AMD and Intel
Version: 2025-04-25
Release: 1
Updated ucode for AMD and Intel with that one!
https://github.com/divestedcg/real-ucode/
#divested
#DivestedComputingGroup
#fsf #FUTO #Fedora #alpinelinux #hardening #linuxtech #cybersec #cybersecurity #infosec #foss
#hackernews #opensource #android #skynet #linuxsecurity #ucode #vulnerabilities #vulnerability #freeyourmind
NEW -
DCG rpm-hardened_malloc available
pkgver = 2025/04/04
pkgrel = 1
Release Note = more coverage
Compatibility:
- Fedora 39/40/etc.
- Arch Linux
Hardened allocator designed for modern systems
https://codeberg.org/divested/rpm-hardened_malloc
#divested #DivestedComputingGroup
#fsf #FUTO #Fedora #codeberg #hardening #hardened_malloc #hardenedmalloc #linuxtech #cybersec #cybersecurity #antivirus #hackernews
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #infosec #freeyourmind
https://www.europesays.com/1970212/ Heritage Foundation documentary highlights aging U.S. nuclear arsenal vulnerabilities #Aging #China #Conflicts #Documentary #HeritageFoundation #IndoPacific #nuclear #U.S.NuclearArsenal #vulnerabilities