Saturday , June 20 2026

FIRST CVSS 4.0
FIRST releases new vulnerability scoring system CVSS 4.0

infosecbulletin Thursday , November 2 2023 Hot Topic, International

The Forum of Incident Response and Security Teams (FIRST) has recently announced the release of CVSS v4.0, the latest version of the Common Vulnerability Scoring System (CVSS) standard. This update comes more than eight years after the release of CVSS v3.0 in June 2015.

Version 4.0 of CVSS aims to improve vulnerability assessment for both industry and the public, according to FIRST.

CISA: Splunk flaw under active exploit, patch by Sunday

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a...
Read More
CISA: Splunk flaw under active exploit, patch by Sunday

Texas data breach exposes 3 million driver’s licenses

By infosecbulletin / Saturday , June 20 2026
The Texas Parks and Wildlife Department (TPWD) revealed a data leak at its license system provider. This leak exposed private...
Read More
Texas data breach exposes 3 million driver’s licenses

Critical Cisco ISE Vulnerability Enables Remote Code Execution

By infosecbulletin / Friday , June 19 2026
Cisco has revealed critical security flaws in its Identity Services Engine (ISE). These flaws could let attackers run harmful code...
Read More
Critical Cisco ISE Vulnerability Enables Remote Code Execution

F5 Patches NGINX Flaw for Code Execution and DoS Attacks

By infosecbulletin / Thursday , June 18 2026
F5 has shared a security warning about serious flaws in NGINX. These issues could let attackers run any code and...
Read More
F5 Patches NGINX Flaw for Code Execution and DoS Attacks

FortiBleed: 70,000 Fortinet Firewalls Compromised Globally

By infosecbulletin / Wednesday , June 17 2026
A vast cyber spying operation called “FortiBleed” has quietly compromised more than 73,932 different Fortinet firewall URLs in 194 countries....
Read More
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally

New Rokarolla Android malware hits 217 banking and crypto apps

By infosecbulletin / Wednesday , June 17 2026
A new Android banking trojan called Rokarolla is hitting 217 banking and cryptocurrency apps with a wide range of 137...
Read More
New Rokarolla Android malware hits 217 banking and crypto apps

Phishing Campaign Exploits Legitimate Microsoft Login Flow

By infosecbulletin / Tuesday , June 16 2026
Attackers are using Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow in a campaign to take control of Microsoft...
Read More
Phishing Campaign Exploits Legitimate Microsoft Login Flow

ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

By infosecbulletin / Tuesday , June 16 2026
Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a...
Read More
ALERT Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

“Panthalassa” builds floating AI data centers powered by ocean waves

By infosecbulletin / Tuesday , June 16 2026
Every American data center story these days follows almost the same pattern. Someone has the chips, someone has the cash,...
Read More
“Panthalassa” builds floating AI data centers powered by ocean waves

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

By infosecbulletin / Monday , June 15 2026
A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online....
Read More
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

CVSS is used to measure the severity of security vulnerabilities. It assigns a numerical score to each vulnerability, which can be translated into levels like low, medium, high, and critical. This helps organizations prioritize their vulnerability management.

In July 2019, an important update was made to CVSS v3.1. It highlighted that CVSS is meant to gauge the seriousness of a vulnerability and should not be the sole factor in evaluating risk.

CVSS v3.1 has received criticism for its scoring scale and for not properly representing health, human safety, and industrial control systems.

The new standard has added extra metrics to assess vulnerabilities. These metrics include Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).

It introduces new names for scoring CVSS. The new names are Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).

“The recommended approach is to emphasize that CVSS encompasses more than just the Base score, and this terminology should be employed whenever a numerical CVSS value is presented or conveyed.”

“The CVSS Base Score should be considered in conjunction with the analysis of the environment and attributes that may change over time.”

Check Also

Anthropic

Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access

Anthropic said on Friday it will quickly turn off its best AI models for everyone. …

Mail: [email protected]
© Copyright 2026, All Rights Reserved InfoSecBulletin