European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
MITRE develops cybersecurity knowledge bases such as ATT&CK, which practitioners use to map adversary tactics, techniques, and defensive coverage.
Search across headline titles and summaries.
Background for this topic.
MITRE is a U.S. not-for-profit organization whose cybersecurity work includes the ATT&CK knowledge base and the Common Vulnerabilities and Exposures (CVE) program. ATT&CK organizes documented adversary behavior into tactics, such as credential access, and techniques, such as phishing or PowerShell use. CVE assigns standardized identifiers and descriptions to publicly disclosed software vulnerabilities, allowing security teams and tools to refer to the same issue consistently.
Practitioners map threat-intelligence reports, incident evidence, and detection rules to ATT&CK to identify attack behaviors and gaps in monitoring or response coverage. They use CVE identifiers to correlate vulnerability disclosures with affected assets, patches, and other assessment data. An ATT&CK technique describes a behavior, not proof that a particular actor was responsible or that every associated detection is effective. Likewise, a CVE identifier is not a severity score or a guarantee that a system is affected; teams must verify product versions, exposure, exploitability, and available mitigations before prioritizing remediation.
Weekly headline count for the current query.
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
NIST and MITRE are collaboratively launching two centers to advance AI security for US manufacturing and critical infrastructure
MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs
MITRE said it understands why Microsoft, SentinelOne and Palo Alto pulled out of its 2025 of ATT&CK Evaluations test – and promises to do better next year
While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025
MITRE has introduced AADAPT framework, a new cybersecurity framework aimed at mitigating risks in digital financial systems like cryptocurrency
MITRE will be able to keep running the CVE program for at least the next 11 months
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database
The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days
MITRE’s EMB3D provides industrial manufacturers with a shared understanding to mitigate cyber threats
IBM, Microsoft, MITRE and others join forces
The open source tool will enable cyber teams to consistently test and boost the defenses of ICS environments
CWE Top 25 list is calculated from two years of vulnerability data