NIST Cuts Down CVE Analysis Amid Vulnerability Overload
The National Institute of Standards and Technology announced it will scale back enrichment of its National Vulnerability Database, concentrating only on the most critical CVEs—those in CISA’s Known Exploited Vulnerabilities catalog and those in software used by the federal government. The change follows a 263% surge in CVE submissions from 2020 to 2025, leaving a backlog of over 30,000 entries despite enriching 42,000 CVEs in 2025. NIST will label non‑priority entries as “not scheduled” and will no longer calculate severity scores when vendors provide them. The agency plans to deploy AI, automation and CNA delegation to handle the growing volume.
Attackers Exploit Ivanti EPMM Zero-Days to Seize Control of MDM Servers
Attackers are actively exploiting two critical Ivanti Endpoint Manager Mobile (EPMM) zero‑days (CVE‑2026‑1281 and CVE‑2026‑1340) that allow unauthenticated remote code execution. More than 4,400 EPMM instances are exposed on the public internet, giving threat actors full control of enterprise mobile...
Companies Are Using ‘Summarize with AI’ to Manipulate Enterprise Chatbots
Microsoft's research reveals a new AI hijacking technique called AI recommendation poisoning, where "Summarize with AI" buttons embed hidden prompts that bias enterprise chatbots toward a vendor’s products. Over two months, researchers found 50 instances across 31 companies in sectors...