惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
F
Fortinet All Blogs
阮一峰的网络日志
阮一峰的网络日志
Apple Machine Learning Research
Apple Machine Learning Research
爱范儿
爱范儿
WordPress大学
WordPress大学
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
罗磊的独立博客
S
SegmentFault 最新的问题
V
V2EX
V
Visual Studio Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
博客园 - 三生石上(FineUI控件)
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
MyScale Blog
MyScale Blog
D
Docker
Google DeepMind News
Google DeepMind News
Blog — PlanetScale
Blog — PlanetScale
M
Microsoft Research Blog - Microsoft Research
Martin Fowler
Martin Fowler
S
Secure Thoughts
B
Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Recent Announcements
Recent Announcements
MongoDB | Blog
MongoDB | Blog
C
Cisco Blogs
C
CERT Recently Published Vulnerability Notes
T
True Tiger Recordings
GbyAI
GbyAI
P
Proofpoint News Feed
P
Privacy International News Feed
Jina AI
Jina AI
The Cloudflare Blog
I
Intezer
AWS News Blog
AWS News Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
Security Archives - TechRepublic
NISL@THU
NISL@THU
The Register - Security
The Register - Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
S
Schneier on Security
L
LINUX DO - 热门话题
C
CXSECURITY Database RSS Feed - CXSecurity.com
Security Latest
Security Latest
C
Cybersecurity and Infrastructure Security Agency CISA

Help Net Security

Kore.ai unveils AI-native platform for enterprise multiagent systems Suspected KimWolf botnet admin arrested over DDoS-for-hire operation Versa extends zero trust principles to AI agents and MCP workflows GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support Proton Pass adds monitored credential sharing for AI agents Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR Microsoft 365 users targeted by new phishing threat that bypasses MFA Meet Fractal, an OS made for microarchitecture reverse engineering Downtime has become a $600 billion business problem The new economics of fraud: Cheaper, faster, more convincing New infosec products of the week: May 22, 2026 Microsoft open-sources tools for designing and testing AI agents Authorities dismantle First VPN, used by ransomware actors GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Virtru centers file collaboration around data-level protection ASAPP expands adversarial testing for enterprise AI systems Tenable Hexa AI automates remediation across attack surfaces Riverbed introduces new Aternity tools for autonomous IT operations Forward launches Predict to test network changes before deployment CTERA brings AI insights and automation for unstructured data Terra adds continuous network exploitation validation to its platform Why AI changed the threat model for travel technology Most dark web activity revolves around a handful of topics AI red teaming agents change how LLMs get tested Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin Cyber threats push SMBs to spend more on security Webworm APT targets European government organizations with new backdoors Verizon DBIR: Vulnerability exploitation is the dominant initial access vector NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw FBI: $388 million lost in crypto ATM scams in 2026 ArmorCode gives security teams AI workers for exposure and remediation Novata uses AI to map risk across portfolios and supply chains TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Trust3 AI focuses on AI agent risks with MCP Security layer Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals Darwinium updates mobile SDKs to detect remote access scam activity Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Communicating cyber risk in dollars boards understand CVE Lite CLI: Open-source dependency vulnerability scanner When your AI assistant has the keys to production 7 hard truths security pros should know: 2026 DevOps Threats Report What happens when your identity provider becomes the kill chain PureLogs infostealer is stealing credentials worldwide Selector extends AI-driven observability into multi-cloud environments LaunchDarkly adds real-time controls for AI agents in production Canonical ships Ubuntu Core 26 with 15 years of security maintenance New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain The end of unencrypted Discord calls is here Babel Street targets AI-driven threats with new agentic investigation capabilities iProov brings identity verification to video meetings to reduce fraud risks Egnyte unveils Email Capture and AI features to unify fragmented data Public Instagram posts provide raw material for AI phishing campaigns Earbud sensors can authenticate users by their heartbeat, study finds AI infrastructure is cracking under sovereignty demands Cybersecurity jobs available right now: May 19, 2026 AI is drowning software maintainers in junk security reports Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) SmartBear expands ReadyAPI with AI-powered API testing capabilities Attackers accessed, downloaded code from Grafana Labs’ GitHub 201 arrested in INTERPOL disruption of phishing and fraud networks The AI backdoor your security stack is not built to see Lyrie: Open-source autonomous pentesting agent AI shrinks vulnerability exploitation window to hours Product showcase: McAfee + ChatGPT integration turns doubt into a scam check When ransomware hits, confidence doesn’t restore endpoints Debian 13.5 point release lands with security fixes, bug patches Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited Google lets Workspace admins apply one policy across all SAML apps Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Penske Logistics launches platform for real-time supply chain visibility DigiCert breached via malicious screensaver file Operant AI Endpoint Protector secures AI agents and MCP tools Owl IRD enables one-way forensic data transfer for incident response teams Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940) Blend Autopilot MCP brings AI agent orchestration to lending platforms Two cybersecurity pros get prison time for helping ransomware gang Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching 15-year-old detained over massive data breach at French government agency Lens Agents brings policy control to AI across cloud and desktop Brush shell 0.4.0 tightens script safety, widens platform support Pipelock: Open-source AI agent firewall Spotting third-party cyber risk before attackers do What researchers learned about building an LLM security workflow Your work apps are quietly handing 19 data points to someone ChatGPT advanced account security adds passkeys and hardware keys Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months Automating Pentest Delivery: A Step-by-Step Guide - PlexTrac Open-source privacy proxy masks PII before prompts reach external AI services Shadow AI risks deepen as 31% of users get no employer training Identity is the control plane for distributed infrastructure AI traffic is getting bigger, louder, and less predictable New infosec products of the month: April 2026 cPanel zero-day exploited for months before patch release (CVE-2026-41940) Cisco releases open-source toolkit for verifying AI model lineage Met Police face criticism for using AI to spy on their own officers Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security IP Fabric MCP server adds governance and control to enterprise AIOps workflows - Help Net Security
CISA’s new KEV nomination form opens reporting to vendors and researchers
Anamarija Po · 2026-05-22 · via Help Net Security

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog.

KEV nomination form

The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at vulnerability@cisa.dhs.gov for organizations and individuals who prefer that route.

“Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity said. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.”

Context for the change

CISA started the KEV catalog in November 2021 and has grown it steadily. The agency has drawn criticism for being slow to add actively exploited bugs. Opening up outside reporting should help the agency add actively exploited bugs faster and keep the list current.

Submissions still have to meet the existing bar: an assigned CVE, confirmed exploitation, and remediation guidance.

Download: 2026 SANS Identity Threats & Defenses Survey

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。