Cybersecurity News Digest

NVD Scales Back Amid Vuln/Supply Chain Flood

Key Questions

Why is NVD scaling back efforts?

NIST is prioritizing its Known Exploited Vulnerabilities (KEV) catalog amid over 40,000 CVEs expected in 2025 and a growing backlog.

What are recent supply chain vulnerabilities?

Ongoing attacks target security and dev tools like Trivy and Vercel, alongside critical CVEs in ActiveMQ and Cosmos, prompting enterprise reprioritization.

What is the role of AI in vulnerability discovery?

Mythos AI is driving a surge in vulnerability discoveries, contributing to the flood of CVEs and supply chain risks highlighted in weekly threat briefings.

Which notable recent CVEs are mentioned?

These include multiple vulnerabilities in Google Chrome and CVE-2026-7220 in jackwri software, recently published to the NVD dataset.

How should UK SMEs handle vulnerability disclosure?

Follow practical guides for safe vulnerability disclosure, ensuring secure reporting processes amid rising supply chain threats and board-level scrutiny.

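NIST is focusing on KEV amid 40,000+ CVEs expected in 2025 and a growing backlog. Mythos AI is driving a surge in discoveries. Supply chain attacks are hitting security and dev tools (Trivy, Vercel), alongside CVEs in ActiveMQ and Cosmos. Enterprises are reprioritizing exploit chains.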

Updated Apr 28, 2026