Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what …
MITRE releases a shared fraud-cyber framework built from real attack data
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible …
The case for fixing CWE weakness patterns instead of patching one bug at a time
In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability …
CISA looks to partners to shore up the future of the CVE Program
The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we …
New MITRE framework takes aim at crypto threats
MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial …
Kanvas: Open-source incident response case management tool
Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet …
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques
Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) …
Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel
In this Help Net Security video, Adam Pennington, MITRE ATT&CK Lead, breaks down what’s new in the ATT&CK v17 release. He highlights the addition of the ESXi …
European Vulnerability Database goes live, but who benefits?
The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), an initiative under the NIS2 Directive aimed at enhancing digital …
Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and …
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal …
Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques
MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive …
Featured news
Resources
Don't miss
- NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
- Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
- Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug
- EU cybersecurity standards are at risk if supplier ban passes
- What the EU AI Act requires for AI agent logging