惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

Threat Intelligence Blog | Flashpoint

Understanding Illicit Ecosystems: How Dark Web Forums Structure Cybercrime AI, Trust, and the Future of Threat Intelligence Remus Stealer: A New, Not-So-New Infostealer America250 Fourth of July Threat Assessment Unmasking the Digital Trail: Essential Techniques for Vetting AI-Generated Content The Shift to Threat-Informed Prioritization: Operationalizing CISA BOD 26-04 Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground How to Align and Measure Threat Intelligence Operations: Flashpoint Priority Intelligence Requirements The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation Understanding Illicit Ecosystems: The Hybrid Threat of “The Com” AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities How Mergers and Acquisitions Expand Your Attack Surface Overnight The Evolution of the Geotag: How AI is Bridging the Gap in Location-Based OSINT Navigating the Threat Landscape of the 2026 FIFA World Cup Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities Flashpoint MCP Server: Operationalizing Cyber Threat Data for Agentic AI Security Workflows 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders Escalation in the Middle East: Tracking “Operation Epic Fury” Across Military and Cyber Domains How to Build and Operationalize Priority Intelligence Requirements Flashpoint Surpasses Cataloging 7,000 Known Exploited Vulnerabilities as Disclosure Volume Accelerates Why Intelligence Requirements Fall Flat and How to Fix Them with a Practical Priority Intelligence Requirements Framework The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management Forrester Threat Intelligence Landscape: Key Takeaways for Security Leaders Connecting Threat Intelligence to Decision-Making: How Flashpoint Is Operationalizing Intelligence in 2026 Iran-Aligned Militias Signal Expanded Regional Risk Amid US–Israel–Iran Conflict Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report What to Know About the Notepad++ Supply-Chain Attack Cyber Threat Intelligence Index: Q3 2023 Edition Beyond Hamas: Militant and Terrorist Groups Involved in the October 7 Attack on Israel The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram About Us Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware Unmasking the Attacker and Decoding Threat Actor Patterns The Flashpoint Firehose: 5 Questions With Michael Raypold, VP of Engineering The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism Lessons From Clop: Combating Ransomware and Cyber Extortion Events How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss Beyond Gates and Alarms: The Scope and Impact of Physical Security Intelligence Why We Built Flashpoint Ignite: Unity, Power, and Performance The Risk-Reducing Power of Flashpoint Video Search Card Shop Threat Landscape: BidenCash Dumps 2.1M Stolen Credit Cards Flashpoint in 2023: A Note From Our CEO 5 Reasons Taiwan Is a Growing Source of US-China Tension Why We Acquired Echosec Systems: The OSINT Revolution Open Source Intelligence
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
Flashpoint · 2026-04-18 · via Threat Intelligence Blog | Flashpoint

The National Vulnerability Database (NVD) is changing how it processes and enriches vulnerability data in response to sustained growth in CVE submissions.

Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical.

All other CVEs will remain in the database without additional context unless specifically requested.

Rising disclosure volumes are placing pressure on public vulnerability infrastructure, and it has direct implications for how security teams consume and act on vulnerability data.

What Changed in NVD’s Operating Model

For years, NVD aimed to provide consistent enrichment across all CVEs, including severity scoring, affected product data, and supporting context for prioritization.

That approach has not been sustainable since late 2023.

In 2025, Flashpoint tracked 44,509 disclosed vulnerabilities, 14,593 of which had publicly available exploits (and 1,944 more with proof-of-concepts). 

CVE submissions increased by 263% between 2020 and 2025, with 2026 already tracking higher year-over-year. Even with increased throughput, NVD has not been able to keep pace.

Under the updated model:

  • CVEs meeting prioritization criteria will be enriched on an accelerated timeline
  • CVEs outside those criteria will be labeled and left without enrichment
  • Re-analysis of modified CVEs will occur selectively
  • Separate NVD severity scoring will no longer be applied by default

This introduces a significant structural change in how vulnerability data is published and maintained.

The Impact on Vulnerability Workflows

Many security programs rely on NVD enrichment to operationalize CVE data. That enrichment provides the context needed to evaluate risk and determine remediation priorities.

With enrichment applied selectively, teams will encounter a growing number of CVEs that include:

  • Limited or no severity scoring
  • Incomplete product and version data
  • Minimal context on exploitability or impact
  • No CPE strings that allow for programmatic consumption of data

At the same time, disclosure volume continues to rise, and exploitation timelines remain compressed. This creates a gap between what is disclosed and what can be acted on efficiently.

Security teams will need to account for:

  • Larger backlogs of CVEs without actionable context
  • Increased manual effort to evaluate relevance and risk
  • Greater variability in data quality across sources

These changes affect vulnerability management, threat intelligence, and security operations workflows simultaneously.

Prioritization Criteria Will Not Capture the Full Risk Landscape

NVD’s updated model focuses enrichment on a defined set of criteria, including known exploited vulnerabilities and software relevant to federal systems.

These categories represent important segments of risk, but they do not encompass the full set of vulnerabilities that organizations encounter in practice.

Modern environments include:

  • Open-source dependencies
  • SaaS platforms and APIs
  • Cloud infrastructure and services
  • Third-party and partner integrations

Many vulnerabilities affecting these environments fall outside formal prioritization frameworks or lack immediate classification within public datasets. As a result, security teams will continue to face exposure from vulnerabilities that are:

  • Actively exploited but not yet included in prioritized lists
  • Missing complete metadata or enrichment
  • Relevant to their environment but not captured by federal-centric criteria

Vulnerability Intelligence Requires Broader Coverage and Deeper Context

As public enrichment becomes more selective, organizations will rely more heavily on alternative sources to maintain visibility and context.

Effective vulnerability intelligence requires:

  • Coverage across CVE and non-CVE vulnerabilities
  • Continuous tracking of exploitation activity and adversary usage
  • Context on exploit maturity, and remediation
  • Consistent enrichment that can be integrated into operational workflows

This level of detail supports faster and more accurate decision-making in environments where both volume and speed are increasing.

Flashpoint’s vulnerability intelligence model is built to address these requirements, with a dataset that includes over 7,000 known exploited vulnerabilities and ongoing analyst-driven enrichment across global sources.

What Security Teams Should Do Next

This shift in NVD operations does not change the need to track CVEs. It changes how that data can be used. Security teams should evaluate how their current workflows depend on:

  • NVD enrichment for prioritization
  • CVSS scoring as a primary decision input
  • Completeness of public vulnerability data

From there, teams can take steps to strengthen resilience:

  • Incorporate sources of vulnerability intelligence that cover CVE and more
  • Align prioritization to exploitation activity and environmental relevance
  • Validate coverage across software, cloud, and third-party dependencies
  • Ensure that enrichment gaps do not delay remediation decisions

A Structural Shift in Vulnerability Data

For many teams, NVD has been a default source of vulnerability context. This change makes clear that its role is narrowing at a time when disclosure volume and prioritization demands are increasing.

At the same time, the role of vulnerability intelligence is expanding.

Security teams need access to data that supports prioritization, not just identification. They need consistent enrichment, faster turnaround, broader coverage, and context tied to real-world activity. As disclosure volumes continue to grow, those requirements become more central to how organizations manage risk.

Flashpoint’s Vulnerability Intelligence provides this level of coverage and context, with analyst-driven enrichment, global visibility across CVE and non-CVE vulnerabilities, and a dataset that includes over 7,000 known exploited vulnerabilities.

Request a demo to see how Flashpoint helps security teams prioritize and act on vulnerability risk with greater precision and confidence.