The National Vulnerability Database will prioritize only critical software vulnerabilities and those under active exploitation, a strategic shift to address a significant backlog created by a 2024 funding lapse.
NIST's decision marks a substantial change in how the agency manages its vulnerability analysis workload. The database will now concentrate on CVEs listed in CISA's known exploited catalog and vulnerabilities affecting federal government systems.
The funding lapse in 2024 created a substantial backlog that exceeded the agency's capacity to analyze all reported vulnerabilities. Rather than process submissions across the board, NIST is implementing a triage approach focused on threats with the highest impact and immediate risk.
Critical software vulnerabilities—those affecting widely-used systems—remain the primary focus. Vulnerabilities already documented as exploited in the wild by CISA take precedence, reflecting the real-world threat landscape.
The shift acknowledges resource constraints while maintaining focus on vulnerabilities posing the greatest risk to organizations and government infrastructure. NIST continues accepting submissions for all vulnerability types, though analysis timelines for lower-priority entries may extend significantly.
A new macOS malware called CrashStealer disguises itself as Apple's crash-reporting tool to steal credentials, keychain data, and cryptocurrency wallets from infected systems.
Security firm Jscrambler disclosed that attackers published a malicious version of its npm package, which was downloaded nearly 1,500 times before detection. The compromised package contained infostealer malware targeting developer systems.
Security researchers are turning prompt injection attacks into a defensive weapon. The technique, called "context bombing," forces malicious AI agents to shut down before causing damage.
The Los Angeles Police Department has allowed its contract with surveillance company Flock to expire, citing serious civil liberties and privacy concerns. The move marks a significant departure for one of Flock's largest government customers.