Improving Security Together
Website: https://www.first.org

New on the FIRST blog: Jenn Gile, Co-Founder of OpenSourceMalware and #VulnCon26 speaker, on why malicious open source packages don't fit the traditional vulnerability intelligence model.

The response motion looks familiar. A malicious package appears in a public registry, a record lands in OSV, tools fire an alert, and someone opens a ticket. But the data and the playbook don't actually match the threat.

🔍 Vulnerabilities are passive. They wait to be exploited.
⚡ Malicious packages are active. They execute on install.
🔧 Vulnerabilities have a fixed version.
🚫 Malicious packages ARE the latest version.

That mismatch leaves three investigative gaps vulnerability databases weren't built to fill:

📦 Payload: what the malware did and which files were affected.
👤 Threat actor: C2 infrastructure and accounts reused across campaigns.
🔗 Campaign: how one package connects to broader activity.

Case in point: the axios account takeover on March 30, 2026. OSV surfaces three IOCs. The campaign has at least nine, two of them shared with other malicious assets.

Jenn's argument: malicious packages need their own intelligence track, built around a different set of questions.

📖 Read more: https://go.first.org/BwFfv

#cybersecurity #infosec #VulnerabilityManagement

Malicious Packages Don't Fit the Vulnerability Intelligence Model

Malicious open source packages and software vulnerabilities may look alike on the surface, but they demand entirely different response playbooks. Treating a malicious npm or PyPI package like a CVE leaves critical questions unanswered: what did it execute, where did it phone home, and what campaign is it part of? Purpose-built malicious package intelligence infrastructure is needed to answer those questions.

FIRST — Forum of Incident Response and Security Teams

Guten Morgen from Munich! ☕
#FIRSTCTI26 is LIVE and #CyberThreatIntelligence is flowing!
🔍💥 Jump into the TLP:CLEAR sessions streaming right now on YouTube:
👉 https://www.youtube.com/watch?v=-9GbyvoktXc
Prost to great CTI! 🍻
#FIRSTCTI26 #CyberThreatIntelligence #CTI #Infosec #Munich
2026 FIRST CTI Conference - Day 1 Plenary Sessions - Live Stream

YouTube

Day 2 begins with the same energy and curiosity that makes this CTI community so strong. Looking forward to another full day of shared insights and meaningful dialogue. 🤝✨ #FIRSTCTI26 #cyberthreatintelligence #threatintel 🔗 https://go.first.org/1OpsO
2026 Cyber Threat Intelligence Conference | #FIRSTCTI26

FIRST — Forum of Incident Response and Security Teams

Day 1 of the FIRST Cyber Threat Intelligence Conference is officially underway here in #Munich. We’re kicking off three days of insights, collaboration, and forward‑thinking discussions shaping the future of CTI. 🛡️✨ #FIRSTCTI26 #cyberthreatintelligence #threatintel 🔗 https://go.first.org/1OpsO

🥾 Heads up, hikers! Don’t get stuck at basecamp! Registration prices start climbing after April 30, so lock in your rate while the trail is still easy. 🏔️⚡ #FIRSTCON26 #LastChanceToSave

📰 Maria Korolov, CSO Online covered NIST's major shift in CVE handling announced at #VulnCon26, as the National Vulnerability Database buckles under a 30,000+ backlog and submissions grow 263% since 2020.

FIRST CEO Chris Gibson weighs in on the vulnerability velocity crisis, with FIRST projecting 59,427 CVEs in 2026 and realistic scenarios cracking 100,000 amid the rise of AI-powered discovery tools like Anthropic's Mythos.

Harold Booth, Supervisory Computer Scientist, NIST outlined the agency's pivot to prioritize KEV-listed and critical software CVEs while turning to LLMs, AI agents, and RPA to tackle the backlog.

Jay Jacobs, Co-Founder & Data Scientist, Empirical Security, FIRST EPSS-SIG Co-Chair, CVE Consumer WG Chair shares optimism that AI-driven automation can help NIST keep pace, noting that even if it isn't Mythos, "something is going to come out next week."

Read more: https://go.first.org/9k8UO

#cybersecurity #infosec #VulnerabilityManagement

NIST cuts down CVE analysis amid vulnerability overload

The agency will only add enrichment details to CVEs in limited cases going forward, prioritizing known exploited flaws and vaguely defined ‘critical software.’

CSO Online

🎤 Call for Speakers — Now Open! ❄️
Cold Incident Response 2026 is officially accepting talk proposals.

Got blue‑team brilliance to share? Whether it’s incidents, monitoring, detection, engineering, tooling, or hard‑won stories from the trenches, we want to hear it. If the community can learn from it, it belongs on our stage.

Never presented before? No worries. You’ll be speaking to the friendliest crowd in the world—real operational security folks who write their own hunting queries and love practical tips they can use the very next workday.

📅 Submission deadline: July 7 📬 Feedback by: August 15

Ready to bring the heat to cold response? 👉 Submit your proposal: 🔗 https://go.first.org/ASews

#technicalcolloquium #incidentresponse

FIRST TC Oslo: Cold Incident Response

FIRST TC Oslo: Cold Incident Response is an annual conference organized by the Norwegian FIRST community, focusing on security monitoring and incident response. This website provides information on the current conference.

ColdIncidentResponse

📰 Kevin Poireault, Infosecurity Magazine, sat down with FIRST CEO Chris Gibson at #VulnCon26 in Scottsdale, AZ, unpacking the AI-driven vulnerability tsunami reshaping #VulnerabilityManagement, with mean time to exploit now measured in hours, not weeks.

Gibson makes the case for global collaboration over fragmentation, welcomes ENISA joining CISA and MITRE as a Top-Level Root CNA, and predicts Anthropic and OpenAI will become CVE Numbering Authorities by year-end.

Read more: https://go.first.org/lM4sa

#CVE #CyberDefense #cybersecurity #infosec

FIRST CEO Calls for CVE Collaboration amid AI Vulnerability Tsunami

FIRST CEO Chris Gibson urged global CVE collaboration and integrating AI companies to combat automated cyber threats

Infosecurity Magazine

We’re heading back to where it all began — Munich. FIRST’s Cyber Threat Intelligence Conference returns next week, April 21-23, bringing together experts shaping the future of CTI. 🛡️✨ #FIRSTCTI26 #cyberthreatintelligence #threatintel 🔗 https://go.first.org/1OpsO

🎉 The CVE/FIRST #VulnCon26 & Annual CNA Summit has wrapped, and what a week it was.

500+ security professionals from around the world gathered in Scottsdale, AZ to advance the #VulnerabilityManagement ecosystem, with sessions led by leaders from CISA, ENISA, NIST, Google, Microsoft, NVIDIA, Cisco, Dell, and dozens more.

Highlights:
✅ CISA reaffirmed the CVE program as a top agency priority and called on AI companies to play a larger role going forward
✅ CWE is becoming a more integral part of vulnerability disclosure, with root-cause mapping gaining wider adoption
✅ New product launches on the show floor, including Volerion's Vulnerability Intelligence Platform, NetRise Provenance, and a major Red Hat security data overhaul
✅ Key updates from CVE Working Groups, the EPSS SIG, and Women of FIRST

Speaker sessions will be available on-demand for virtual attendees in the FIRST Events app, as well as FIRST's YouTube channel in the coming weeks.

A huge thank you to everyone who attended, presented, sponsored, and supported this event.

This community is what makes the vulnerability management ecosystem stronger!

Read more: https://go.first.org/WabqC

#CyberDefense #cybersecurity #infosec