I'm not mentoring any youth this week, so I'm working on throwing together #EUVD (EU Vulnerability Database) support for #NuGetDefense (as an alternative to #NVD which is already supported) as well as Snyk and Vulners if I have time in the evenings.

It's not as useful as it once was since even the dotnet CLI includes basic known vulnerability info now, but it's still an alternative and perhaps a place to experiment with `npm audit fix` style functionality eventually.

You want to publish a new vulnerability? Just submit and we will handle your CVE assignment in no time. https://vuldb.com/vuln/add #vuldb #cna #cve #mitre #nvd

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the AGENTS.…

Hackaday

https://fed.brid.gy/r/https://hackaday.com/2026/06/05/this-week-in-security-messing-with-ai-7zip-and-notepad-vulnerabilities-http2-bomb-and-more/

The US #NIST is giving up a central part of its work: the independent assessment of IT #SecurityVulnerabilities under the #CVSS standard is to be largely dropped in future and left to the vendors, who, experience shows, play these down.

The background is a massive processing backlog in the #VulnerabilityDatabase #NVD, because the budget has for years failed to keep pace with the growing number of reported vulnerabilities:

https://www.oig.doc.gov/wp-content/OIGPublications/OIG-26-020-I-SECURED.pdf #cybersecurity

The inspector general's report on NIST's National Vulnerability Database is worth reading carefully: it's not just about delays in CVE enrichment — it's about how a foundational piece of global vulnerability management infrastructure can quietly degrade. When the reference slips, every tool and process built on top of it inherits the gap. #infosec #CVE #NVD
https://therecord.media/nist-mistakes-vulnerability-database-inspector-general
Inspector general finds NIST mistakes have made vulnerability database ineffective

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report.

Resulting from funding gaps and idiotic shifts in priorities, the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....

The National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators, and instead NIST will prioritize enriching a much narrower set of security vulnerabilities.

Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely, which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. https://www.justsecurity.org/136914/nist-cant-keep-up/ #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence

NIST’s selective NVD enrichment is a big wake-up call for AppSec teams: more CVEs, less context, and more manual triage ahead. https://jpmellojr.blogspot.com/2026/05/selective-nvd-enrichment-why-nists.html #NVD #CVE #NIST #AppSec
Selective NVD enrichment: Why NIST's shift matters

You have discovered a new vulnerability? Submit it here and we will assign a CVE in no time. https://vuldb.com/vuln/add #vuldb #cna #cve #mitre #nvd