MITRE shares 2025's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
MITRE develops cybersecurity knowledge bases such as ATT&CK, which practitioners use to map adversary tactics, techniques, and defensive coverage.
Search across headline titles and summaries.
Background for this topic.
MITRE is a U.S. not-for-profit organization whose cybersecurity work includes the ATT&CK knowledge base and the Common Vulnerabilities and Exposures (CVE) program. ATT&CK organizes documented adversary behavior into tactics, such as credential access, and techniques, such as phishing or PowerShell use. CVE assigns standardized identifiers and descriptions to publicly disclosed software vulnerabilities, allowing security teams and tools to refer to the same issue consistently.
Practitioners map threat-intelligence reports, incident evidence, and detection rules to ATT&CK to identify attack behaviors and gaps in monitoring or response coverage. They use CVE identifiers to correlate vulnerability disclosures with affected assets, patches, and other assessment data. An ATT&CK technique describes a behavior, not proof that a particular actor was responsible or that every associated detection is effective. Likewise, a CVE identifier is not a severity score or a guarantee that a system is affected; teams must verify product versions, exposure, exploitability, and available mitigations before prioritizing remediation.
Weekly headline count for the current query.
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]
The 2024 MITRE ATT&CK Evaluation results are now available with Cynet achieving 100% Visibility and 100% Protection in the 2024 evaluation. Learn more from Cynet about what these results mean. [...]
The "MITRE Engenuity ATT&CK Evaluations: Enterprise" stand out as an essential resource for cybersecurity decision makers. Learn more from Cynet on what to expect in the upcoming 2024 MITRE ATT&CK Evaluation results. [...]
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. [...]
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [...]
MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years. [...]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports. [...]
A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. [...]
MITRE shared this year's list of the top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years. [...]