Tuesday , April 29 2025

FIRST CVSS 4.0
FIRST releases new vulnerability scoring system CVSS 4.0

The Forum of Incident Response and Security Teams (FIRST) has recently announced the release of CVSS v4.0, the latest version of the Common Vulnerability Scoring System (CVSS) standard. This update comes more than eight years after the release of CVSS v3.0 in June 2015.

Version 4.0 of CVSS aims to improve vulnerability assessment for both industry and the public, according to FIRST.

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859  Request Smuggling Vulnerability in Python’s h11 HTTP Library

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

CVSS is used to measure the severity of security vulnerabilities. It assigns a numerical score to each vulnerability, which can be translated into levels like low, medium, high, and critical. This helps organizations prioritize their vulnerability management.

In July 2019, an important update was made to CVSS v3.1. It highlighted that CVSS is meant to gauge the seriousness of a vulnerability and should not be the sole factor in evaluating risk.

CVSS v3.1 has received criticism for its scoring scale and for not properly representing health, human safety, and industrial control systems.

The new standard has added extra metrics to assess vulnerabilities. These metrics include Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).

It introduces new names for scoring CVSS. The new names are Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).

“The recommended approach is to emphasize that CVSS encompasses more than just the Base score, and this terminology should be employed whenever a numerical CVSS value is presented or conveyed.”

“The CVSS Base Score should be considered in conjunction with the analysis of the environment and attributes that may change over time.”

Check Also

SSL.com

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable …

Leave a Reply

Your email address will not be published. Required fields are marked *