Vulnerabilities Surge, But Messy Reporting Blurs Picture
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
MITRE develops cybersecurity knowledge bases such as ATT&CK, which practitioners use to map adversary tactics, techniques, and defensive coverage.
Search across headline titles and summaries.
Background for this topic.
MITRE is a U.S. not-for-profit organization whose cybersecurity work includes the ATT&CK knowledge base and the Common Vulnerabilities and Exposures (CVE) program. ATT&CK organizes documented adversary behavior into tactics, such as credential access, and techniques, such as phishing or PowerShell use. CVE assigns standardized identifiers and descriptions to publicly disclosed software vulnerabilities, allowing security teams and tools to refer to the same issue consistently.
Practitioners map threat-intelligence reports, incident evidence, and detection rules to ATT&CK to identify attack behaviors and gaps in monitoring or response coverage. They use CVE identifiers to correlate vulnerability disclosures with affected assets, patches, and other assessment data. An ATT&CK technique describes a behavior, not proof that a particular actor was responsible or that every associated detection is effective. Likewise, a CVE identifier is not a severity score or a guarantee that a system is affected; teams must verify product versions, exposure, exploitability, and available mitigations before prioritizing remediation.
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.