:

NIST STOPS RATING LOW-PRIORITY SECURITY FLAWS

INDUSTRY DESK1 MIN READ
SUN, APR 19, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The National Institute of Standards and Technology will cease assigning severity scores to lower-priority vulnerabilities, citing mounting workload pressures from surging submission volumes.

NIST's decision reflects the agency's resource constraints as the vulnerability landscape expands. The organization will focus its rating efforts on higher-priority flaws while deprioritizing less critical issues. The move addresses a practical bottleneck: security researchers and vendors have increasingly submitted vulnerabilities for official severity assessment, outpacing NIST's capacity to evaluate them. By narrowing its scope, the agency aims to maintain quality and timeliness for critical vulnerability ratings. Organizations relying on NIST severity scores for lower-tier vulnerabilities may need alternative assessment methods or rely on vendor guidance. This shift could accelerate adoption of other vulnerability rating systems or internal assessment frameworks. The decision highlights ongoing challenges in vulnerability management infrastructure as cyber threats proliferate and disclosure practices evolve.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

JUST NOWIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

6H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

7H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

11H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.