I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”

Okay, this is not good:

"Executive Summary
On 21 March 2025, CloudSEK’s XVigil discovered a threat actor, "rose87168," selling 6M records exfiltrated from SSO and LDAP of Oracle Cloud. The data includes JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys."

"The attacker, active since January 2025, is incentivizing decryption assistance and demanding payment for data removal from over 140K affected tenants. Our engagement with the threat actor suggests a possible undisclosed vulnerability on login.(region-name).oraclecloud.com, leading to unauthorized access. While the threat actor has no prior history, their methods indicate high sophistication, CloudSEK assesses this threat with medium confidence and rates it as High in severity."

https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants

https://exposure.cloudsek.com/

No, this is no a new CAPTCHA, this is a new malware vector which tricks users to open #Windows command line and paste a command to download some harmful stuff.

Just reported by Mohamed Aruham on Twitter.