NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
Dark Reading · 60-word summary · 1 min read
NIST has revamped its CVE framework to prioritize high-impact vulnerabilities, aiming to improve software security. The new approach emphasizes faster remediation of critical flaws, guiding cybersecurity efforts to focus on the most dangerous software vulnerabilities and reduce exploitation risks.
NIST's decision to reduce CVE data enrichment has impacted cybersecurity teams, prompting industry coalitions to step in and help fill the gap. The change affects vulnerability management, requiring new strategies to address high-impact software flaws and maintain cybersecurity resilience.
Rhea Finance reports an $18.4M exploit caused by a slippage flaw, with some funds recovered. The incident highlights ongoing security risks in DeFi platforms and the importance of safeguarding user assets.
Payouts King ransomware now uses QEMU virtual machines to evade endpoint security by establishing reverse SSH backdoors. This technique allows the malware to run hidden VMs on infected systems, bypassing detection. Security researchers warn that this method complicates mitigation efforts and highlights evolving ransomware tactics.
Cybercriminals are adopting device code phishing, exploiting legitimate login flows to trick victims into revealing account access. This new tactic enhances attack sophistication, making phishing campaigns harder to detect and prevent, posing increased risks to user security.
Circle is facing a lawsuit following the Drift Protocol exploit, with claims that it failed to freeze stolen USDC. This case could set a precedent for how courts view the responsibilities of crypto infrastructure providers during hacks. The outcome may influence legal standards for stablecoin and bridge operators in similar situations.
Ethereum is now one of the most heavily shorted assets globally, while institutions have been acquiring about $21M of ETH daily over 21 months, totaling $11.8B. Firms like Bitmine and Sharplink hold an additional $10-15B outside ETFs. ETH's market position reflects its central role in DeFi and tokenization.