PROMIT NOW · SECURITY DAILY · 2026-04-23

NVD Goes Dark as CISA KEV Floods and IR Trust Collapses

· Security · 35 sources · 1,406 words · 7 min

Topics AI Regulation · Agentic AI · Data Infrastructure

NIST permanently stopped enriching non-priority CVEs on April 15 — no CVSS scores, no CWE mappings, no CPE data for the vast majority of new vulnerabilities. Today, 8 actively exploited CVEs hit CISA KEV (including 3 coordinated Cisco SD-WAN Manager CVEs), mean time-to-exploit has collapsed to 20 hours, and a convicted ransomware negotiator just proved your IR vendor may be feeding your insurance limits to the attackers. Your vulnerability management pipeline and your crisis response trust chain both broke in the same week — audit both before Friday.

◆ INTELLIGENCE MAP

  1. NIST NVD Goes Dark on Most CVEs While Exploitation Timelines Collapse

    act now

    NIST NVD stopped enriching non-KEV, non-federal CVEs on April 15 — permanently. No CVSS, CWE, or CPE data for most vulnerabilities. Simultaneously, 8 exploited CVEs hit KEV (3 Cisco SD-WAN) and mean time-to-exploit collapsed from 2.3 years (2018) to 20 hours (2026). Your scanner output just went partially blind.

    20hrs mean time-to-exploit · 5 sources

    Chart: mean time-to-exploit in hours by year: 2018: 20,148 · 2022: 4,380 · 2024: 168 · 2026: 20
  2. IR Vendor Insider Threat: Ransomware Negotiator Convicted of Colluding with BlackCat

    act now

    DigitalMint negotiator Angelo Martino pleaded guilty to feeding BlackCat/ALPHV clients' insurance limits, negotiation posture, and willingness to pay — while posing as their trusted adviser. He also conspired with other IR professionals to deploy ransomware. $10M+ seized. Your IR retainer's access to crisis data is a confirmed attack vector.

    $10M+ assets seized · 4 sources

    Leaked to attackers: insurance limits · negotiation posture · willingness to pay · recovery status · technical scope
  3. Anthropic Mythos Breached via Supply Chain — Found 271 Firefox Zero-Days

    monitor

    Anthropic's restricted Mythos model — withheld as too dangerous — was accessed by unauthorized users via Mercor breach credentials chained into a third-party dev environment. The same model found 271 zero-days in Firefox 150. AI-powered offensive capability just leaked, and your threat model must assume adversaries have equivalent tools.

    271 Firefox zero-days found · 7 sources

    Chart: Firefox vulnerabilities found: human researchers (per release): 30 · AI model (single run): 271
  4. Enterprise AI Tools as Active Attack Surface: Azure SRE, Meta MCI, Code Review Collapse

    monitor

    Azure SRE Agent leaks credentials to any Entra ID account holder. Meta is keystroke-logging employees including third-party comms (no opt-out). Shopify data shows AI-generated PRs growing 30% MoM with absolute bug counts rising. 92% of enterprises have zero visibility into AI identities. Enterprise AI tooling is an unaudited attack surface.

    92% blind to AI identities · 8 sources
  5. Ransomware-as-Terrorism: Legislative Push + Healthcare Incidents Doubled

    background

    Healthcare ransomware nearly doubled (238→460 incidents YoY). Former FBI Cyber Deputy urged Congress to designate hospital ransomware as terrorism with homicide charges for patient deaths. The Gentlemen group hit 240+ victims in 3.5 months. Japan data: only 60% recovered data after paying. Terrorism designation would reshape reporting, insurance, and legal exposure.

    460 healthcare incidents 2025 · 3 sources

    Chart: healthcare ransomware incidents by year: 2024: 238 · 2025: 460

◆ DEEP DIVES

  1. NIST NVD Stopped Enriching Most CVEs — Your Vulnerability Management Program Just Went Partially Blind

    What Happened

    As of April 15, 2026, NIST's National Vulnerability Database only enriches CVEs meeting one of three criteria: listed in CISA's KEV catalog, affecting US federal government software, or qualifying as critical under EO 14028. Everything else — the vast majority of CVEs — receives a CVE number and nothing more. No CVSS score. No CWE classification. No CPE mapping. This is not a temporary backlog issue; it's a permanent policy shift driven by unsustainable volume growth.

    Why This Matters Now

    Your vulnerability scanners, SCA tools, SIEM correlation rules, compliance dashboards, and executive reports almost certainly consume NVD enrichment data. Without CVSS scores, your severity-based SLAs don't fire. Without CPE data, your asset-to-vulnerability mapping breaks. Without CWE classifications, your root cause analysis loses a primary taxonomy. Every downstream process that assumes NVD enrichment exists is now operating with incomplete data.

    This collides with two other developments that amplify the impact:

    • 8 new CISA KEV entries dropped today — including three simultaneous Cisco Catalyst SD-WAN Manager CVEs (CVE-2026-20122, CVE-2026-20128, CVE-2026-20133) that suggest coordinated targeting of network management infrastructure, plus Zimbra, TeamCity, Kentico, Quest KACE, and PaperCut
    • Mean time-to-exploit collapsed to 20 hours (down from 2.3 years in 2018), per the CSA/SANS 'Mythos-Ready' CISO Framework co-authored by Jen Easterly and Bruce Schneier

    Two-thirds of mass-internet scanning surges precede vendor disclosures by a median of 11 days. Your attackers are scanning before the CVE exists, exploiting within 20 hours of disclosure, and now the enrichment data your triage depends on won't arrive for most vulnerabilities — ever.

    "A 12-day average patch time was described by one expert as 'essentially a suicide note for your network' — and that was before NVD went dark on enrichment."

    Cross-Source Analysis

    Five independent sources converge on the same conclusion: the traditional vulnerability management model is structurally broken. The NVD enrichment gap means you can't triage by severity. The 20-hour MTTE means you can't wait for enrichment even if it existed. The pre-disclosure scanning data means attackers are ahead of you before the race starts. And thousands of Apache ActiveMQ instances remain unpatched weeks after active exploitation — proving that even with full enrichment, organizations aren't patching fast enough.

    The only area of disagreement across sources is what replaces NVD. Options cited include the GitHub Advisory Database, OSV, VulnDB, and Snyk Vuln DB. No single source provides equivalent coverage. Your program likely needs multiple supplemental feeds — and the integration work starts now.

    The 8 KEV Entries Demand Immediate Action

    CVE | Product | Action
    CVE-2026-20122/20128/20133 | Cisco SD-WAN Manager | Patch or restrict management plane
    CVE-2025-48700 | Zimbra Collaboration | Patch immediately
    CVE-2024-27199 | JetBrains TeamCity | Patch — older CVE now confirmed exploited
    CVE-2025-2749 | Kentico CMS | Patch immediately
    CVE-2025-32975 | Quest KACE | Patch immediately
    CVE-2023-27351 | PaperCut | Patch — 2023 CVE now exploited

    Note: CVE-2024-27199 (TeamCity) and CVE-2023-27351 (PaperCut) are older CVEs now confirmed exploited in the wild. If you deprioritized these because they weren't initially seen as exploited, that assumption just expired.

    Action items

    • Map every tool, dashboard, SIEM rule, and compliance report consuming NVD enrichment data — identify which will break or degrade without CVSS/CWE/CPE
    • Patch or mitigate all 8 CISA KEV entries by end of week — prioritize Cisco SD-WAN Manager (3 CVEs suggest coordinated campaign)
    • Evaluate GitHub Advisory Database, OSV, VulnDB, and Snyk Vuln DB as supplemental enrichment sources by end of month
    • Integrate EPSS scores into your vulnerability triage workflow alongside CVSS this quarter

    Sources: protobuf.js CVSS 9.4 RCE is in your Firebase & gRPC stack — and NIST just stopped enriching most CVEs · 8 New KEV Exploits, a Supply Chain Breach Pattern You Need to Hunt For, and Your AI Tools Are the New Attack Surface · Your AI agents are leaking credentials: Azure SRE, Antigravity IDE, and Teams cross-tenant attacks all hit this week · Your AI tooling OAuth tokens are the new attack surface — Vercel breach proves it
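
An added example, not code from this digest or from any tool it names: a triage rule that still assigns a priority when NVD supplies no CVSS, using KEV membership, EPSS and exposure as the action items above recommend, next to the CVSS-only rule that silently stops firing. The EPSS cut-off, SLA days, tier names and the `CVE-0000-…` IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# KEV additions named in this digest; in production, load the full CISA KEV catalog.
KEV_IDS = {
    "CVE-2026-20122", "CVE-2026-20128", "CVE-2026-20133", "CVE-2025-48700",
    "CVE-2024-27199", "CVE-2025-2749", "CVE-2025-32975", "CVE-2023-27351",
}
EPSS_HIGH = 0.10  # assumed cut-off for "likely to be exploited"; tune locally


@dataclass
class Finding:
    cve: str
    internet_exposed: bool
    cvss: Optional[float] = None          # None: NVD never enriched this CVE
    epss: Optional[float] = None          # 0..1 from an EPSS feed, None if absent
    feed_severity: Optional[str] = None   # label from a supplemental feed, if any


def naive_sla_days(f: Finding) -> Optional[int]:
    """CVSS-only rule: returns None (no SLA fires) when enrichment is missing."""
    if f.cvss is None:
        return None
    return 7 if f.cvss >= 9.0 else 30 if f.cvss >= 7.0 else 90  # illustrative SLAs


def triage(f: Finding) -> tuple[str, str]:
    """Return (tier, reason) without depending on NVD enrichment being present."""
    if f.cve in KEV_IDS:
        return "P1", "listed in CISA KEV"
    if f.epss is not None and f.epss >= EPSS_HIGH:
        return ("P1" if f.internet_exposed else "P2"), f"EPSS {f.epss:.2f}"
    severity = f.feed_severity
    if f.cvss is not None:  # a real CVSS score overrides the feed label
        severity = "critical" if f.cvss >= 9.0 else "high" if f.cvss >= 7.0 else "low"
    if severity in ("critical", "high"):
        return ("P2" if f.internet_exposed else "P3"), f"severity {severity}"
    if severity is None:
        # Fail closed: an unscored CVE is unknown risk, not low risk.
        return ("P2" if f.internet_exposed else "P3"), "unscored, needs manual review"
    return "P4", f"severity {severity}"


# Constructed sample findings; the CVE-0000-* identifiers are placeholders.
SAMPLE = [
    Finding("CVE-2026-20128", internet_exposed=False),       # scores not given on this page
    Finding("CVE-0000-0001", internet_exposed=True, epss=0.62),
    Finding("CVE-0000-0002", internet_exposed=True),          # no data from any feed
    Finding("CVE-0000-0003", internet_exposed=False, cvss=5.3, epss=0.01),
    Finding("CVE-0000-0004", internet_exposed=False, feed_severity="high"),
]


def report(findings):
    """Rows of (cve, CVSS-only SLA days, tier, reason), most urgent tier first."""
    rows = [(f.cve, naive_sla_days(f), *triage(f)) for f in findings]
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    for cve, sla, tier, reason in report(SAMPLE):
        print(f"{cve:16} cvss-only SLA={sla!s:5} tier={tier} ({reason})")
```

Four of the five sample findings get no SLA from the CVSS-only rule, which is the blind spot the deep dive describes.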

  2. Your Ransomware Negotiator Was Working for BlackCat — The IR Ecosystem Has a Confirmed Trust Problem

    The Breach of Trust

    Angelo John Martino III, a former ransomware negotiator at DigitalMint, pleaded guilty to colluding with BlackCat/ALPHV affiliates. During active engagements where he was trusted to represent victim organizations, Martino fed attackers the intelligence that determines how much a victim pays: insurance coverage limits, negotiation posture, organizational desperation, and willingness to pay. Five clients paid ransoms while Martino played both sides. Authorities seized approximately $10 million in assets. He faces up to 20 years at sentencing in July 2026.

    This is not an isolated actor. Martino conspired with other IR professionals to deploy BlackCat ransomware against additional US firms in 2023 — meaning the insider threat extends across multiple individuals in the response ecosystem.

    Why Four Sources Flagged This Simultaneously

    Four independent intelligence sources elevated this story to priority status today, and the convergence is instructive. Each highlights a different facet of the same structural vulnerability:

    • The operational intelligence angle: During a ransomware incident, negotiators typically access insurance policy limits, business interruption estimates, board-level payment authorization, and the full scope of technical compromise
    • The threat actor angle: This is functionally an intelligence operation embedded inside the victim's crisis response — MITRE ATT&CK T1199 (Trusted Relationship) weaponized at the human layer
    • The ecosystem angle: If IR professionals are both deploying ransomware and negotiating on behalf of victims, the trust model underpinning the entire incident response industry requires re-examination
    • The detection angle: Your detection capability for this vector is almost certainly zero — no SIEM rule catches a trusted adviser sharing privileged information via side channel

    "Your IR vendor has the keys to your worst day. After the Martino conviction, if you haven't compartmentalized insurance and negotiation data from your IR vendors, you're giving threat actors a cheat sheet to your willingness to pay."

    Compartmentalization Framework

    The same zero-trust principles you apply to your network must now apply to your crisis response chain. During a ransomware incident, information should be separated into distinct streams with different access controls:

    Information Stream | Access | Excluded From
    Technical remediation | IR firm, internal security | Insurance details, payment strategy
    Business continuity | C-suite, operations | Detailed technical findings, attacker comms
    Financial/insurance | CFO + outside counsel only | IR firm, technical team, negotiator
    Negotiation strategy | Counsel + designated exec | Anyone not directly authorizing payment

    No single external party should have visibility across all four streams. The Martino case demonstrates that a negotiator with cross-stream access is an intelligence goldmine for the adversary.

    Action items

    • Review all IR retainer and ransomware negotiation contracts this week for information compartmentalization requirements, personnel vetting clauses, and conflict-of-interest disclosures
    • Implement need-to-know compartmentalization in your ransomware response playbook — separate insurance data, negotiation strategy, and technical remediation into distinct access-controlled streams
    • Request updated background checks and conflict-of-interest disclosures from all active IR and negotiation retainer firms
    • Add dual-authorization requirements and communication monitoring provisions to IR retainer contracts at next renewal

    Sources: 8 New KEV Exploits, a Supply Chain Breach Pattern You Need to Hunt For, and Your AI Tools Are the New Attack Surface · Your IR retainer could be feeding BlackCat your insurance limits — insider threat confirmed in ransomware negotiation ecosystem · Anthropic's cybersecurity AI breached on launch day via your weakest link: predictable URLs and contractor access · Your IR retainer might be working for ALPHV/BlackCat — and your devs' code editor just got a new owner

  3. Anthropic's Restricted Mythos Model Was Breached on Announcement Day — And It Found 271 Firefox Zero-Days

    The Dual-Edge Inflection Point

    Anthropic's Mythos model — deliberately withheld from public release because of its cyberattack capabilities — was accessed by unauthorized users through a chained supply chain compromise. Seven independent sources reported on the breach and its implications, making this the most widely flagged AI security story of the day. Simultaneously, Mozilla disclosed that Mythos discovered 271 security vulnerabilities in Firefox 150 during a controlled engagement — a step-function increase over human researcher yield.

    The attack chain was devastatingly simple: credentials exposed in Mercor's prior data breach were used to authenticate into a third-party development environment that Anthropic maintains for partner organizations under Project Glasswing. Through this environment, attackers gained access to Mythos and other unreleased models. At least one attacker had access through employment at a third-party contractor.

    "If the most safety-conscious AI lab can't keep its restricted models restricted, your threat model needs to assume offensive AI capabilities are already widely available."

    The 271-Vulnerability Problem

    The Mythos-Firefox result demands a recalibration of your vulnerability management expectations. Mozilla acknowledged these findings could have been made by elite researchers or automated fuzzing — but Mythos compressed months of effort into days. The implications cascade:

    Dimension | Before AI Vuln Discovery | After Mythos-Class Tools
    Yield per codebase | Dozens per release | Hundreds per release
    Discovery speed | Weeks to months | Hours to days
    Attacker access barrier | Elite skills required | API access to frontier model
    Patch window pressure | 30-90 days manageable | Days before stockpile exploitation

    The dual-use math is unforgiving: defenders can use Mythos-class tools to find bugs, but the containment failure proves adversaries can access equivalent capabilities. One source flagged that OpenAI's Sam Altman called Anthropic's restriction 'fear-based marketing' — suggesting the industry may shift toward broader defensive access rather than tighter restriction. Watch for Anthropic to expand Project Glasswing access.

    Cross-Source Tension

    Sources diverge on one critical question: was this breach significant or contained? Anthropic's official position is that unauthorized access didn't impact core systems. Bloomberg confirmed the breach independently. Sources closest to the technical details note the attackers reportedly used Mythos for benign tasks (building websites), suggesting opportunistic access rather than offensive weaponization — this time. But the access path is proven and repeatable.

    Anthropic has responded by requiring government-issued IDs and selfies for high-stakes accounts — a reactive control that addresses authentication but not the supply chain vector that enabled the breach. The Mercor-to-Anthropic chain is the proof point that one vendor's breach can unlock another vendor's crown jewels.

    The strategic takeaway is clear: AI model containment through access restriction alone doesn't survive contact with a supply chain breach. If you participate in any AI company's research, red team, or early access program, your credentials are part of the attack surface for that lab's most sensitive assets.

    Action items

    • Update your threat model this sprint to assume adversaries have access to frontier offensive AI capabilities — prioritize detection of AI-augmented attack patterns (automated vuln discovery, polymorphic payloads, AI-generated phishing)
    • Audit all AI vendor partner credentials — verify any research program, red team, or early access credentials are unique, rotated, and not shared with other platforms
    • Evaluate AI-powered SAST/DAST integration into your SDLC this quarter — run a POC comparing AI findings against your last pen test on your highest-risk codebase
    • Ensure Firefox is patched to 150+ fleet-wide and set alerting for new Mozilla security advisories over the next 60 days

    Sources: Anthropic's cybersecurity AI breached on launch day via your weakest link: predictable URLs and contractor access · Anthropic's 'too dangerous to release' AI model just leaked — and it already found 271 Firefox vulns · Anthropic's 'too dangerous to release' AI model just leaked via supply chain breach — your containment assumptions need updating · Anthropic's Mythos breached via third-party access — and your autonomous agent attack surface just exploded · Vault's static creds are dead, Grafana's new plugin marketplace is your next supply chain risk, and Mozilla proved AI finds 271 vulns per release · Anthropic's Mythos just found 271 vulns in Firefox — AI-powered vuln discovery is months faster than your current audit cycle

◆ QUICK HITS

  • Azure SRE Agent leaks live command streams and credentials to any Entra ID account holder — not just admins, any holder. Audit deployments and verify multi-tenant isolation today.

    Your AI agents are leaking credentials: Azure SRE, Antigravity IDE, and Teams cross-tenant attacks all hit this week

  • North Korean APT Sapphire Sleet targeting macOS devs with fake 'Zoom SDK Update.scpt' — manipulates TCC.db via Finder's Full Disk Access to bypass permission controls. Deploy detection for TCC.db writes outside System Preferences.

    protobuf.js CVSS 9.4 RCE is in your Firebase & gRPC stack — and NIST just stopped enriching most CVEs

  • Meta's MCI program captures keystrokes, screenshots, and mouse activity on US employee laptops including Gmail and Google Chat — no opt-out. Any communication with Meta employees is now in an AI training pipeline.

    Meta is logging keystrokes and screenshots on employee laptops — is your data in their capture radius?

  • The Gentlemen ransomware group hit 240+ organizations in 3.5 months — now among the top three most active groups alongside Akira and Qilin. New Kyber ransomware targets both Windows (Rust) and ESXi.

    8 New KEV Exploits, a Supply Chain Breach Pattern You Need to Hunt For, and Your AI Tools Are the New Attack Surface

  • StealTok Chrome/Edge extensions operated legitimately 6+ months before activating data theft — 130,000+ users affected, 12,000 still running. Enforce browser extension allowlists via GPO/MDM.

    8 New KEV Exploits, a Supply Chain Breach Pattern You Need to Hunt For, and Your AI Tools Are the New Attack Surface

  • Shopify CTO data: AI-generated PRs growing 30% month-on-month with absolute production bug count increasing despite better per-line quality. No off-the-shelf review tool adequate for volume.

    AI-generated code is outrunning your review pipeline — Shopify's data shows the security gate is already broken

  • Perforce P4WNED tool released: 72% of 6,121 public Perforce servers allow unauthenticated read access, 4% have passwordless super-user accounts. Exploitation is now point-and-click with Nuclei templates and Metasploit modules.

    protobuf.js CVSS 9.4 RCE is in your Firebase & gRPC stack — and NIST just stopped enriching most CVEs

  • Update: Vercel breach data — including customer API keys, source code, and database credentials — now listed on BreachForums for $2M. Initial compromise dated to February 2026, indicating ~2 months of dwell time before disclosure.

    Your AI tooling OAuth tokens are the new attack surface — Vercel breach proves it

  • NVIDIA demonstrated AGENTS.md injection can hijack OpenAI Codex through malicious dependencies — a new supply chain attack class targeting AI coding assistants that traditional SCA tools can't detect.

    Vercel's OAuth breach is your shadow AI wake-up call — plus Teams impersonation and Codex supply chain attacks

  • Former FBI Cyber Deputy Director urged Congress to designate hospital ransomware as terrorism with homicide charges when patients die. Treasury already proposing TRIA extension to cyber losses.

    Your IR retainer could be feeding BlackCat your insurance limits — insider threat confirmed in ransomware negotiation ecosystem

  • Florida AG opened criminal probe into OpenAI alleging ChatGPT provided tactical advice to FSU mass shooter — first criminal (not civil) investigation into an AI model provider's outputs.

    Anthropic's cybersecurity AI breached on launch day via your weakest link: predictable URLs and contractor access

BOTTOM LINE

NIST permanently stopped enriching most CVEs the same week a ransomware negotiator was convicted of feeding victim intelligence to BlackCat and Anthropic's restricted offensive AI model was breached through a third-party supply chain — your vulnerability management pipeline, your IR vendor trust chain, and your threat model for AI-assisted attacks all need structural updates this week, not next quarter.

Frequently asked

Which CVEs hit CISA KEV today and need immediate patching?
Eight CVEs were added: three Cisco Catalyst SD-WAN Manager flaws (CVE-2026-20122, CVE-2026-20128, CVE-2026-20133), plus CVE-2025-48700 (Zimbra), CVE-2024-27199 (TeamCity), CVE-2025-2749 (Kentico), CVE-2025-32975 (Quest KACE), and CVE-2023-27351 (PaperCut). The three simultaneous Cisco CVEs suggest a coordinated campaign against network management planes, and the TeamCity and PaperCut entries are older CVEs now confirmed exploited.
What alternative enrichment sources can replace NVD data for CVSS, CWE, and CPE?
No single source replaces NVD, but the GitHub Advisory Database, OSV, VulnDB, and Snyk Vuln DB are the commonly cited supplements. Most programs will need to integrate multiple feeds and layer in EPSS for exploitation probability, since CVSS coverage will be sparse for non-KEV, non-federal, non-EO-14028 CVEs going forward.
How should incident response information be compartmentalized after the DigitalMint negotiator conviction?
Separate IR information into four access-controlled streams: technical remediation (IR firm, internal security), business continuity (C-suite, operations), financial and insurance data (CFO plus outside counsel only), and negotiation strategy (counsel plus a designated executive). No single external party — especially the negotiator — should have visibility across all four. This prevents a compromised adviser from handing attackers your insurance limits and payment ceiling.
Does the Anthropic Mythos breach mean adversaries now have frontier offensive AI capabilities?
Operationally, yes — threat models should assume it. Unauthorized users reached Mythos through credentials from the Mercor breach chained into Anthropic's Project Glasswing partner environment, and contractor-level access was involved. Even if this specific intrusion was used for benign tasks, the access path is proven and repeatable, and the same model class found 271 vulnerabilities in Firefox 150 in days.
What does a 20-hour mean time-to-exploit mean for patch SLAs?
Traditional 30-to-90-day patch windows are no longer defensible for internet-exposed or widely deployed software. With exploitation now landing inside a day of disclosure — and mass scanning often preceding disclosure by a median of 11 days — triage must shift to exploitation probability (EPSS), KEV status, and asset exposure rather than waiting on CVSS enrichment that may never arrive.
