You know when you see news articles about hacks of password databases or critical vulnerabilities in popular software, they usually quote a "CVE" number that officially identified the issue and allowed it to be defined precisely, and tracked? Well that's gone as of today. Looks like the trump regime has cancelled one off the foundational authorities on cybersecurity, the CVE or Common Vulnerabilities and Exposures program, without explanation. Basically the whole of "tech" relies on this, but I guess it's just America supporting the rest of the world, so it has to go. #cybersecurity #cybersec #cve #vulnerability #VulnerabilityDatabase

Edits: typos/autocorrupt

So...besides @mcfly, who else do I know on here that has to manage vulnerabilities for large code bases and deployments as part of their job?

It might be a bit early, seeing that Dear Leader tends to flip-flop on these kinds of unpopular decisions, but I think it might be wise to at least prepare, and organize a forum to talk about a post-MITRE world?

@adamshostack 's thoughts on the cancellation of CVE funding.

https://shostack.org/blog/thoughts-on-cve/

Das CVE-Programm zur Katalogisierung von Softwareschwachstellen verliert seine Finanzierung. Experten warnen vor verheerenden Folgen für die globale IT-Sicherheit. Und das ab sofort. #Cybersecurity #CVE https://winfuture.de/news,150367.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Fuck.

https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html

bye bye CVEs tomorrow everyone back to bugtraq like the good old days I actually like how it was done in bugtraq etc https://en.wikipedia.org/wiki/Bugtraq #cve #cves #bugtraq #usenet
#goodoldays #hacking #cybersecurity

It’s official: Cybersecurity CVE funding has expired.

The U.S. government let MITRE’s contract lapse — and with it, the core of our global cybersecurity vulnerability tracking ecosystem.

This means:
No new CVE IDs
Disruptions across patch workflows
Coordination breakdowns for defenders worldwide
Increased time-to-response across industries

Every org that relies on coordinated disclosure is now flying with one engine. This isn’t a future risk — it’s a present emergency.

#CyberSecurity #CVE #ThreatIntel #VulnerabilityManagement #InfoSec #security #privacy #cloud
https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve

Explosive allegations are hitting Elon Musk’s DOGE team.

A whistleblower says:
10GB of NLRB data was exfiltrated
Security settings were disabled
Photos of staff were used to intimidate
Claims involve surveillance, union suppression, and cyber intrusion

Musk called it “insane,” but the NLRB is reportedly cooperating with federal investigations. Whether true or not — this underscores the growing overlap of cybersecurity, labor rights, and executive power.

#CyberSecurity #Whistleblower #ElonMusk #NLRB #DigitalEthics #security #privacy #cloud #infosec
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

Health and Human Services Systems Are in Danger of Collapsing, Workers Say

The purging of IT and #cybersecurity staff at the Department of #Health and Human Services could threaten the systems used by the agency’s staff and the safety of critical health data.
#hhs #Musk #Trump #maga #takedown #medicine

https://www.wired.com/story/department-health-human-services-possible-collapse/

Trump is putting global cybersecurity at risk, not just because the US ceased to be a reliable ally or because he's going after Chris Krebs on a petty vendetta, but because he's dismantling a cybersecurity architecture that is critical to transnational efforts to combat cybercrime. The US Cybersecurity & Infrastructure Security Agency (or CISA for short) has provided resources that organisations around the world rely on to keep their infrastructure secure.

1/4

#Cryptomator Hub 1.4.0: More Trust, More Control, More Transparency

https://cryptomator.org/blog/2025/04/15/hub-1.4.0/

Just a reminder: Vulnerability Lookup isn’t just about finding CVEs. It supports the full chain, collection from multiple sources, continuous distribution, and allocation within a coordinated vulnerability disclosure (CVD) process. 100% open source.

An online version maintained by @circl https://vulnerability.circl.lu/

https://www.vulnerability-lookup.org/

https://github.com/vulnerability-lookup/vulnerability-lookup