Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced: “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE Corp announcing the implications and expiration of the CVE Program.

Erlang/OTP ships with an SSH daemon that many telecom, IoT, Elixir/Phoenix, RabbitMQ and CouchDB deployments leave running for convenience. A flaw in how that daemon parses pre-authentication SSH protocol messages enables an attacker to break out of the key-exchange state machine and open an arbitrary channel before credentials are verified.

CrushFTP—a Java-based, multi-protocol file-transfer server—ships with an Amazon S3–compatible API.

When it comes to exposure management, actionable context is key. Security teams don’t just need data – they need the right insights, in the right place, at the right time to drive remediation activities. That’s why seamless integrations between security and workflow tools are essential. At Seemplicity, building these integrations quickly and effectively isn’t just a goal, it’s a core competency.

I'm thrilled to announce Snyk API & Web, our next-generation dynamic application security testing (DAST) solution. It's more than just a product launch; it's Snyk’s answer to securing the complex, AI-powered applications developers are building today, deepening the integration of DAST into our comprehensive Developer Security Platform.

On April 16, 2025, fixes were released for a maximum severity vulnerability in Erlang/OTP SSH, CVE-2025-32433. Erlang/OTP SSH is a library within the Erlang/OTP platform, typically used in telecommunications, messaging, IoT, and distributed applications. CVE-2025-32433 allows unauthenticated remote threat actors to achieve remote code execution (RCE) in the SSH daemon. The issue arises due to a flaw in SSH protocol message handling, which permits the sending of protocol messages before authentication.

The recent financial crisis surrounding MITRE and the CVE program has sent shockwaves through the cybersecurity industry. For decades, CVEs have been the de facto index of software vulnerabilities. They’ve structured how we communicate, prioritize, and track issues across the ecosystem. But now, with their future uncertain, we’re forced to ask: what if the CVE system collapses? And more importantly—what should come next?

Imagine waking up to news that your company’s data has been leaked, your customers' trust is shattered, and your brand’s reputation is in tatters. Cybercriminals don’t wait for you to react—they exploit vulnerabilities the moment they find them. You're already playing a dangerous game if your security measures are outdated or reactive.