Explore the latest MITRE frameworks and cybersecurity defense strategies. Stay informed on ATT&CK updates and MITRE-related infosec insights.
Search across headline titles and summaries.
Background for this topic.
The MITRE Corporation is a not-for-profit organization that operates multiple federally funded research and development centers (FFRDCs) in the United States. Within the realm of information security, MITRE is known for its contribution to cybersecurity standards and frameworks, most notably the MITRE ATT&CK framework, and the Common Vulnerabilities and Exposures (CVE) system.
The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques observed in millions of real-world cyber attacks. It provides a structured approach for cybersecurity professional to track, analyze, and respond to cyber threats by understanding threat actors' behavior and methodologies. By focusing on the post-compromise behavior of attackers, the framework serves as a vital resource in detecting and mitigating such threats in a proactive manner.
The Common Vulnerabilities and Exposures (CVE) system is another critical cybersecurity standard that MITRE maintains. It is a list of publicly known cybersecurity vulnerabilities and exposures. Each entry in the CVE system includes an identifier number, a description, and at least one public reference. This system facilitates the sharing of data across different security tools and services, ensuring various stakeholders can openly communicate and manage common vulnerabilities and exposures in a standardized way.
Through these contributions and others, MITRE plays a significant role in enhancing and shaping global information security practices and defense mechanisms.
Weekly headline count for the current query.
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.
NIST and MITRE are collaboratively launching two centers to advance AI security for US manufacturing and critical infrastructure
MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations.
MITRE said it understands why Microsoft, SentinelOne and Palo Alto pulled out of its 2025 of ATT&CK Evaluations test – and promises to do better next year
While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025
MITRE has introduced AADAPT framework, a new cybersecurity framework aimed at mitigating risks in digital financial systems like cryptocurrency
The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.
CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.
New MITRE ATLAS submission helps strengthen organizations’ cyber resilience
Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It's simply too important for that.
PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief Samsung has warned that some of its Galaxy devices store passwords in plaintext.…
Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and SoonThis week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.
MITRE, EUVD, GCVE … WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.…
After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it's up to the private sector to find the cash to keep it going.
MITRE will be able to keep running the CVE program for at least the next 11 months