Latest news with #CISAKEV
Yahoo
21-05-2025
- Business
- Yahoo
Attaxion Becomes the First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)
DOVER, Del., May 21, 2025 /PRNewswire/ -- Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated by the European Union Agency for Cybersecurity (ENISA), the EUVD is a publicly accessible vulnerability repository developed in response to the NIS2 Directive. It entered beta testing in mid-April 2025. The database takes a multi-stakeholder approach, assigning unique EUVD identifiers, cross-referencing CVEs, aggregating input from CSIRTs and other sources, and publishing actionable information such as mitigation measures and exploitation status. With the recent nearly avoided CVE funding crisis and the growing backlog of vulnerabilities yet to be processed by NIST, many organizations started to look for additional sources of truth for their vulnerability management efforts. Attaxion data shows that only 30% of discovered vulnerabilities have a CVE identifier assigned to them. EUVD emerges as a key resource in addressing these problems. Every vulnerability in an organization's external attack surface identified by Attaxion will now display its corresponding EUVD ID, where available, providing security teams with broader coverage and context for vulnerability prioritization. Figure 1 - EUVD ID appearing in the vulnerability name and as a tag in issue reports. The EUVD integration enhances Attaxion's ability to correlate and enrich vulnerability data with authoritative European intelligence. Each mapped EUVD ID brings additional metadata such as exploitation confirmation, affected products, and references — details that may not appear in other global sources. This layered context enables faster triage, risk-based prioritization, and supports compliance with regulations such as the NIS2 Directive and the upcoming Cyber Resilience Act. In parallel, EUVD data is now presented alongside existing vulnerability indicators such as CVSS scores and CISA KEV inclusion within the Attaxion platform. This unified view helps security teams evaluate issues based on severity, exploitability, and regulatory relevance, ultimately supporting better prioritization and remediation decisions. The update is part of an ongoing effort to consolidate diverse threat intelligence into a streamlined operational workflow. Figure 2 - EUVD IDs in vulnerability lists alongside CVSS and CISA KEV data. "We're constantly working to improve our vulnerability coverage and deliver more meaningful context to our users," said Max Beatty, Head of Growth & Strategy at Attaxion. "The integration of a second independent scoring system with EUVD data not only expands the range of vulnerabilities we uncover but also enhances their analytical depth. With trusted, region-specific insights at the source, we're helping organizations make better-informed decisions and provide their users with meaningful data, spanning diverse geographies and regulatory environments." As the first EASM platform to integrate EUVD, Attaxion also sets a precedent for aligning external attack surface management with emerging public-sector threat intelligence efforts. The move underscores a broader industry shift toward interoperability between commercial platforms and government-backed datasets — bridging gaps between security operations and regulatory intelligence at scale. About Attaxion Attaxion helps organizations discover, monitor, and secure their internet-facing assets. The platform combines automated discovery, continuous assessment, and guided remediation to deliver 97% greater asset visibility and AI-driven vulnerability prioritization — making robust cyber defense accessible to teams of every size. To support early evaluation and integration, Attaxion is available with a 30-day free trial. ContactPR TeamAttaxion LLCpress@ Photo - - - View original content to download multimedia: SOURCE Attaxion Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
21-05-2025
- Business
- Yahoo
Attaxion Becomes the First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)
DOVER, Del., May 21, 2025 /PRNewswire/ -- Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated by the European Union Agency for Cybersecurity (ENISA), the EUVD is a publicly accessible vulnerability repository developed in response to the NIS2 Directive. It entered beta testing in mid-April 2025. The database takes a multi-stakeholder approach, assigning unique EUVD identifiers, cross-referencing CVEs, aggregating input from CSIRTs and other sources, and publishing actionable information such as mitigation measures and exploitation status. With the recent nearly avoided CVE funding crisis and the growing backlog of vulnerabilities yet to be processed by NIST, many organizations started to look for additional sources of truth for their vulnerability management efforts. Attaxion data shows that only 30% of discovered vulnerabilities have a CVE identifier assigned to them. EUVD emerges as a key resource in addressing these problems. Every vulnerability in an organization's external attack surface identified by Attaxion will now display its corresponding EUVD ID, where available, providing security teams with broader coverage and context for vulnerability prioritization. Figure 1 - EUVD ID appearing in the vulnerability name and as a tag in issue reports. The EUVD integration enhances Attaxion's ability to correlate and enrich vulnerability data with authoritative European intelligence. Each mapped EUVD ID brings additional metadata such as exploitation confirmation, affected products, and references — details that may not appear in other global sources. This layered context enables faster triage, risk-based prioritization, and supports compliance with regulations such as the NIS2 Directive and the upcoming Cyber Resilience Act. In parallel, EUVD data is now presented alongside existing vulnerability indicators such as CVSS scores and CISA KEV inclusion within the Attaxion platform. This unified view helps security teams evaluate issues based on severity, exploitability, and regulatory relevance, ultimately supporting better prioritization and remediation decisions. The update is part of an ongoing effort to consolidate diverse threat intelligence into a streamlined operational workflow. Figure 2 - EUVD IDs in vulnerability lists alongside CVSS and CISA KEV data. "We're constantly working to improve our vulnerability coverage and deliver more meaningful context to our users," said Max Beatty, Head of Growth & Strategy at Attaxion. "The integration of a second independent scoring system with EUVD data not only expands the range of vulnerabilities we uncover but also enhances their analytical depth. With trusted, region-specific insights at the source, we're helping organizations make better-informed decisions and provide their users with meaningful data, spanning diverse geographies and regulatory environments." As the first EASM platform to integrate EUVD, Attaxion also sets a precedent for aligning external attack surface management with emerging public-sector threat intelligence efforts. The move underscores a broader industry shift toward interoperability between commercial platforms and government-backed datasets — bridging gaps between security operations and regulatory intelligence at scale. About Attaxion Attaxion helps organizations discover, monitor, and secure their internet-facing assets. The platform combines automated discovery, continuous assessment, and guided remediation to deliver 97% greater asset visibility and AI-driven vulnerability prioritization — making robust cyber defense accessible to teams of every size. To support early evaluation and integration, Attaxion is available with a 30-day free trial. ContactPR TeamAttaxion LLCpress@ Photo - - - View original content to download multimedia: SOURCE Attaxion Sign in to access your portfolio
Yahoo
07-05-2025
- Business
- Yahoo
VulnCheck KEV Surges to Track More than 3,600 Known Exploited Vulnerabilities
Exploit Intelligence Company Now Tracking 173% More Known Exploited Vulnerabilities than CISA KEV; VulnCheck Community Surpasses 10,000 Users LEXINGTON, Mass., May 07, 2025--(BUSINESS WIRE)--VulnCheck, the exploit intelligence company, today announced significant growth of its Known Exploited Vulnerabilities (KEV) catalog, which now tracks over 3,600 known exploited vulnerabilities, and has surpassed over 10,000 users worldwide. The VulnCheck KEV is available through the VulnCheck Community as a free intelligence feed for any enterprise, cybersecurity firm, government team, or managed service provider. VulnCheck launched its Community offerings in early 2024, with hundreds of cybersecurity platforms now powered with VulnCheck intelligence. The volume of the VulnCheck KEV catalog exceeds the CISA KEV catalog by 173%. On average, the VulnCheck KEV is 27 days faster at informing users of known exploited vulnerabilities than the CISA KEV, and currently averages 125% more known exploited vulnerabilities added monthly. The VulnCheck KEV provides security teams and detection engineers with a dashboard featuring the largest real-time collection of known exploited vulnerabilities. Through its new interface, VulnCheck KEV users have enriched CVE context, including links to exploit proof-of-concept (POC) code, making it easier to find exploitation evidence and exploits for validation and testing against VulnCheck XDB - another Community resource that provides users with exploit POC code in Git repositories, programmatically compiled with validation steps that involve human analysis and automated block lists. "Our research shows that 28% of CVEs are exploited within the first 24 hours of disclosure to gain access to critical systems and organizations," said Anthony Bettini, CEO and founder, VulnCheck. "As defenders struggle to keep up, getting information into their hands faster about which vulnerabilities need remediation first can help stop breaches before they occur. The VulnCheck KEV solves this issue for thousands of defenders worldwide." The VulnCheck KEV catalog also includes citations and evidence explaining why each vulnerability is listed, linking to known threat actors, ransomware groups, or botnet activity when available. The VulnCheck KEV helps teams better manage threats, build detections faster, and solve the vulnerability prioritization challenge. In 2024, VulnCheck:
Business Wire
07-05-2025
- Business
- Business Wire
VulnCheck KEV Surges to Track More than 3,600 Known Exploited Vulnerabilities
LEXINGTON, Mass.--(BUSINESS WIRE)-- VulnCheck, the exploit intelligence company, today announced significant growth of its Known Exploited Vulnerabilities (KEV) catalog, which now tracks over 3,600 known exploited vulnerabilities, and has surpassed over 10,000 users worldwide. The VulnCheck KEV is available through the VulnCheck Community as a free intelligence feed for any enterprise, cybersecurity firm, government team, or managed service provider. VulnCheck launched its Community offerings in early 2024, with hundreds of cybersecurity platforms now powered with VulnCheck intelligence. The volume of the VulnCheck KEV catalog exceeds the CISA KEV catalog by 173%. On average, the VulnCheck KEV is 27 days faster at informing users of known exploited vulnerabilities than the CISA KEV, and currently averages 125% more known exploited vulnerabilities added monthly. The VulnCheck KEV provides security teams and detection engineers with a dashboard featuring the largest real-time collection of known exploited vulnerabilities. Through its new interface, VulnCheck KEV users have enriched CVE context, including links to exploit proof-of-concept (POC) code, making it easier to find exploitation evidence and exploits for validation and testing against VulnCheck XDB - another Community resource that provides users with exploit POC code in Git repositories, programmatically compiled with validation steps that involve human analysis and automated block lists. 'Our research shows that 28% of CVEs are exploited within the first 24 hours of disclosure to gain access to critical systems and organizations,' said Anthony Bettini, CEO and founder, VulnCheck. 'As defenders struggle to keep up, getting information into their hands faster about which vulnerabilities need remediation first can help stop breaches before they occur. The VulnCheck KEV solves this issue for thousands of defenders worldwide.' The VulnCheck KEV catalog also includes citations and evidence explaining why each vulnerability is listed, linking to known threat actors, ransomware groups, or botnet activity when available. The VulnCheck KEV helps teams better manage threats, build detections faster, and solve the vulnerability prioritization challenge. In 2024, VulnCheck: Added 717 new known exploited vulnerabilities for an average of 59.8/month compared to 170 added to the CISA KEV for an average of 14.2/month. Added 410 unique vendors with one or more known exploited vulnerabilities to the VulnCheck KEV vs. 56 unique vendors in the CISA KEV. Provided teams with contextual intelligence on the top 10 vendors by number of exploited vulnerabilities, including Microsoft (55), Apache (18), Ivanti (17), Apple (16), D-Link (14), Oracle (14), Google (13), Cisco (11), Progress (11) and VMware (11). Provided teams with intelligence on the top 10 products with exploited vulnerabilities, including Microsoft Windows (30), Google Chrome / Chromium (11), Apple IOS products (9), Apache OFBiz (6), Ivanti Connect Secure (6), Citrix Netscaler (6), Apple Safari (5), Cisco ASA / FTD (5), QNAP QTS (5), and openSSL (5). For more information on the VulnCheck KEV and to sign up for the VulnCheck Community, visit About VulnCheck VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn or X. To learn more about VulnCheck, visit /.
Yahoo
24-03-2025
- Business
- Yahoo
VulnCheck Named Startup Spotlight Competition Finalist at Black Hat Asia 2025
Vulnerability and Exploit Intelligence Technology Leader Set to Present Before Panel of Esteemed Judges on April 3 LEXINGTON, Mass., March 24, 2025--(BUSINESS WIRE)--VulnCheck, the exploit intelligence company, today announced that it has been named a finalist for the first-ever Startup Spotlight Competition at Black Hat Asia 2025. VulnCheck will present its comprehensive exploit and vulnerability intelligence technology to a panel of distinguished industry judges and a live audience on Thursday, April 3 at the Marina Bay Sands in Singapore. Vulnerability exploitation has persisted as the top cybersecurity threat for years. Despite $30 billion spent annually across both the vulnerability management and threat intelligence sectors, security teams struggle to maintain pace with the volume of new vulnerabilities and the speed at which adversaries weaponize unpatched software. In fact, vulnerability exploitation increased by nearly 200% in 2024 and more than 23% of known exploited vulnerabilities (KEVs) were exploited on or before the day their CVEs were publicly disclosed. Recognizing the need to gather better data, faster, VulnCheck built an autonomous collection system to monitor threats at internet scale to give customers a prioritized view of the vulnerabilities that matter. "We now see sophisticated cybercriminals exploiting new vulnerabilities in as little as four hours," said Benjamin Harris, CEO and founder at watchTowr. "Defenders need to determine exposure to emerging vulnerabilities much sooner to effectively respond and prevent attacks before they occur. While dealing with slowdowns within industry-standard intelligence sources like CISA KEV, NVD and MITRE, VulnCheck data helps us fill this gap." VulnCheck delivers the most comprehensive, real-time exploit and vulnerability intelligence, autonomously collected at the time of disclosure. VulnCheck sources data from nearly 500 channels and over 400 million records across all CVEs. The platform refreshes its feed multiple times per day and provides data output in machine-readable feeds. Designed for seamless integration into security workflows and products, VulnCheck enables product, security and response teams to track, prioritize, and remediate the most critical vulnerabilities early and often. "We have the largest collection of vulnerability and exploit intelligence in the industry, and we make it available before anyone else," said Anthony Bettini, CEO and founder of VulnCheck. "As vulnerabilities are exploited on an increasingly compressed timeline, we believe it is critical for this unique, best-in-class threat data to be available on a global scale. This recognition from Black Hat Asia helps us expand even further in the APAC market, reaffirms our approach and is a testament to our team's commitment to supporting analysts and defending organizations from emerging threats." Last week, VulnCheck announced a $12 million Series A funding round led by Ten Eleven Ventures, with participation from existing investors including Sorenson Capital and In-Q-Tel (IQT). This follows a year in which the company achieved 3x year-over-year Annual Recurring Revenue growth, 158% customer growth and a 100% customer retention rate. The Startup Spotlight Competition begins at 4:15 p.m. SGT on April 3. VulnCheck's Chief Marketing Officer Tom Bain will be delivering the presentation, in addition to a second talk in Business Hall Theatre A at 11:35 a.m. SGT. Bain presented on behalf of VulnCheck in the 2024 RSAC Innovation Sandbox competition, where VulnCheck was one of 10 finalists, and most recently at the Montgomery Summit, where VulnCheck was a presenting company. The panel of expert judges includes Chiko David, Programs Director at Hatch; Lucas Nelson, Partner at Lytical Ventures; Jon Ong, Senior Cybersecurity Analyst at Omdia; and Sunil Sapra, co-founder and Chief Growth Officer at Eventus Security. Shanna Daly, CISO at OpSys will host the contest. For more information regarding the Black Hat Asia 2025 Conference at the Marina Bay Sands in Singapore from April 1-4, please visit To learn more about VulnCheck and its exploit intelligence solutions, visit About VulnCheck VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn or X. To learn more about VulnCheck, visit About Black Hat Black Hat is the cybersecurity industry's most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, developments, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit View source version on Contacts Media Geoff LopesMarketbridge for VulnCheckvulncheck@
