A Commerce Department audit confirmed the National Vulnerability Database is falling behind on enrichment, the same week Oracle shipped 77 CVEs in one batch and npm got hit again. The shared infrastructure under vulnerability management is straining just as the disclosure load on top of it climbs.
The Commerce Department's Inspector General has now documented how NIST mismanaged the National Vulnerability Database, the central repository that has cataloged and enriched cybersecurity flaws since 2005. The finding is not a surprise to anyone who watched the enrichment backlog balloon over the past two years, and we flagged NIST quietly pulling back on NVD scoring back in April. A federal audit putting it on the record changes the conversation from rumor to fact. When a researcher or vendor reports a flaw, the NVD is where it gets the structured metadata, the severity scoring, the affected-version data that downstream tools consume. That pipeline has been clogged.
Oracle alone just resolved 77 vulnerabilities in a single batch, about a dozen of them critical and several with public exploit code already circulating. That is one vendor, in one month. Disclosure volume keeps climbing across the ecosystem while the shared layer that turns raw CVE IDs into usable, enriched intelligence keeps slipping. Every scanner, every prioritization workflow, every "what's exploitable here" decision draws on that enriched data, directly or through a vendor that does.
A stalling NVD never throws an error. It just lets a CVSS-sorted backlog drift out of date while still looking trustworthy, and you notice only when something you ranked low turns out to be what mattered.
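One way to make that silent failure visible, as an added example that is not from the original briefing: split the backlog into NVD-scored and unenriched findings before sorting, so a CVE the NVD has not analyzed is never ranked as if it were low severity. The records are constructed samples in the NVD API 2.0 field layout with placeholder CVE IDs, and the 30-day staleness threshold is an assumption.

```python
from datetime import datetime, timezone

# Constructed records in the NVD API 2.0 "cve" layout; IDs are placeholders.
def _rec(cve_id, status, published, *metrics):
    v31 = [{"source": s, "cvssData": {"baseScore": b}} for s, b in metrics]
    return {"id": cve_id, "vulnStatus": status, "published": published,
            "metrics": {"cvssMetricV31": v31} if v31 else {}}

SAMPLE = [
    _rec("CVE-0000-0001", "Analyzed", "2026-01-10T00:00:00.000", ("nvd@nist.gov", 5.3)),
    _rec("CVE-0000-0002", "Awaiting Analysis", "2026-03-01T00:00:00.000"),
    _rec("CVE-0000-0003", "Awaiting Analysis", "2026-05-20T00:00:00.000",
         ("cna@vendor.example", 9.8)),
    _rec("CVE-0000-0004", "Analyzed", "2026-02-02T00:00:00.000", ("nvd@nist.gov", 9.1)),
]

PENDING = {"Received", "Awaiting Analysis", "Undergoing Analysis", "Deferred"}
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")
STALE_DAYS = 30  # assumption: how long an unenriched CVE may sit before escalation


def best_score(cve):
    """Return (score, origin): NVD's own score if present, else the highest CNA score."""
    entries = [e for k in METRIC_KEYS for e in cve.get("metrics", {}).get(k, [])]
    nvd = [e["cvssData"]["baseScore"] for e in entries if e.get("source") == "nvd@nist.gov"]
    cna = [e["cvssData"]["baseScore"] for e in entries if e.get("source") != "nvd@nist.gov"]
    if nvd:
        return max(nvd), "nvd"
    return (max(cna), "cna") if cna else (None, None)


def triage(cves, now):
    """Split a backlog into NVD-scored items and items with no NVD assessment yet."""
    scored, unenriched = [], []
    for cve in cves:
        score, origin = best_score(cve)
        published = datetime.fromisoformat(cve["published"]).replace(tzinfo=timezone.utc)
        age = (now - published).days
        if score is None or (origin != "nvd" and cve.get("vulnStatus") in PENDING):
            unenriched.append({"id": cve["id"], "age_days": age,
                               "stale": age > STALE_DAYS, "cna_score": score})
        else:
            scored.append((cve["id"], score))
    scored.sort(key=lambda item: item[1], reverse=True)
    unenriched.sort(key=lambda item: item["age_days"], reverse=True)
    return scored, unenriched


if __name__ == "__main__":
    ranked, blind_spots = triage(SAMPLE, datetime(2026, 6, 15, tzinfo=timezone.utc))
    print("ranked by NVD score:", ranked)
    print("needs manual review:", blind_spots)
```

The unenriched list is the part a CVSS sort hides: it goes to a human or a second data source instead of the bottom of the queue.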
Most teams building with AI start from a backbone model: download a large pretrained system, adapt it to a task, ship it. A research team built an attack called BadBone that plants a backdoor in that backbone. The backdoor survives fine-tuning. Downstream tasks that adapt the model inherit the implant without ever touching the original poisoning. Corrupt the skeleton, and everything built on top carries it forward.
For a decade, "supply chain" in security has meant packages, dependencies, and build pipelines. The list keeps growing. This week it added the model weights themselves. A poisoned package at least announces itself in a manifest you can scan. A poisoned backbone is a binary blob you downloaded from somewhere, fine-tuned in good faith, and can no longer easily distinguish from a clean one. Model provenance, the boring question of where exactly these weights came from and who touched them, stops being a procurement footnote.
You could produce a dependency list for your code in minutes. Could you produce one for the model weights you are running at all?
Europe's squeeze this quarter is a sequencing problem. NIS2, DORA, and the AI Act are landing on overlapping timelines, and member states are implementing them at different speeds. The result is a compliance picture where the same organization can be ahead of schedule in one country and exposed in another, with limited clarity on what to prioritize first.
That unevenness is itself the near-term pressure. A multinational can't wait for the slowest member state to set the pace, because the strictest one effectively defines the floor. Security leaders say each regulation is legible on its own. The strain comes from sequencing all three against one budget and one team while enforcement signals arrive piecemeal across jurisdictions.
The teams that handle this well stop funding NIS2, DORA, and the AI Act as three separate projects and start funding the overlap between them as one.
Exploitation kept a brisk pace this week, and one npm detail stands out. The Miasma worm compromised more than 30 official @redhat-cloud-services npm packages using a stolen GitHub account, planting a malicious preinstall hook that steals cloud credentials and can republish other packages. The worm mechanics are familiar by now. The namespace is what stands out: this lived under a trusted vendor's official packages, not a typosquat.
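A defender-side check for the preinstall-hook pattern described above, as an added example that is not from the original briefing: list every package in a lockfile that will run a lifecycle script on install and has not been reviewed at that exact version, regardless of how trusted its namespace is. The lockfile is a constructed sample with placeholder package names, and the `REVIEWED` allowlist is an assumption; `hasInstallScript` is the flag npm records in lockfileVersion 2 and 3.

```python
import json

# Constructed package-lock.json (lockfileVersion 3); every package name is a placeholder.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-helper": {"version": "2.1.0"},
        "node_modules/native-addon": {"version": "4.0.2", "hasInstallScript": True},
        "node_modules/@example-vendor/ui-kit": {"version": "3.4.1", "hasInstallScript": True},
        "node_modules/left-helper/node_modules/@example-vendor/telemetry":
            {"version": "1.9.0", "hasInstallScript": True},
    },
})

# Assumption: name@version pairs whose install scripts a human has already reviewed.
REVIEWED = {"native-addon@4.0.2"}


def package_name(lock_path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (handles nested and scoped paths)."""
    return lock_path.rpartition("node_modules/")[2]


def unreviewed_install_scripts(lock_text, reviewed):
    """List packages that run a lifecycle script on install and are not allowlisted."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate the lockfile")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path or not meta.get("hasInstallScript"):
            continue  # skip the root project and packages with no install hooks
        # Allowlisting is per exact version, so a republished release is flagged again.
        ident = f"{package_name(path)}@{meta.get('version', '?')}"
        if ident not in reviewed:
            findings.append({"package": ident, "path": path})
    return sorted(findings, key=lambda f: f["package"])


if __name__ == "__main__":
    for finding in unreviewed_install_scripts(SAMPLE_LOCK, REVIEWED):
        print("unreviewed install script:", finding["package"], "at", finding["path"])
```

Run as a CI gate, a non-empty result blocks the build; installing with `npm ci --ignore-scripts` keeps lifecycle hooks from running until the flagged packages have been reviewed.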
The exploited flaws piled up alongside it. Google patched an actively exploited Android zero-day among 124 fixes, attackers began forging authentication cookies against Palo Alto GlobalProtect (CVE-2026-0257) four days after disclosure, and a Windows Netlogon RCE patched in May (CVE-2026-41089) is now exploited against domain controllers. The sharper signal sits in Oracle's calendar change, a shift we flagged when Oracle first signaled it last month. Standing up a monthly Critical Security Patch Update for urgent fixes on top of its long-running quarterly cycle is a vendor conceding in its own release calendar that quarterly alone can no longer keep pace.
Your patch SLAs were almost certainly written for a quarterly world. The vendors just walked out of it.
By the numbers: 20 notable disclosures tracked | 5 under active exploitation | 1 zero-day | 9 with public PoC code
• CVE-2026-46840 — Oracle REST Data Services (24.2.0–26.1.0). CVSS 10.0 RCE. Unauthenticated takeover of the API gateway over HTTPS. Patch available.
• CVE-2026-41089 — Microsoft Windows Netlogon. Critical RCE, actively exploited against domain controllers; Belgium CERT issued warnings. Patched May 2026.
• CVE-2026-46775 / CVE-2026-46839 — Oracle REST Data Services (core). CVSS 9.9 RCE; held off a perfect score only by the need for network credentials. Patch available.
• CVE-2026-46822 — Oracle E-Business Suite. Critically rated flaw in Oracle's first monthly CSPU. Patch available.
• CVE-2026-46824 — Oracle Universal Work Queue portal. Critically rated flaw in Oracle's first monthly CSPU. Patch available.
• CVE-2026-46817 — Oracle Payments. Critically rated flaw in Oracle's first monthly CSPU. Patch available.
• CVE-2026-40933 — Flowise (self-hosted, MCP stdio servers). Critical one-click post-auth RCE via malicious chatflow import; researchers warn the official patch's input validation is trivially bypassed. Flowise Cloud unaffected. PoC available.
• CVE-2026-0257 — Palo Alto Networks GlobalProtect / PAN-OS. High-severity authentication bypass (CVSS 7.8) via forged cookies, actively exploited four days after disclosure.
• Android June 2026 zero-day (CVE-2025-48595) — Google Android (Framework). High-severity elevation-of-privilege flaw under limited, targeted exploitation; part of a 124-flaw June batch.
• WP Maps Pro admin-creation flaw — WordPress plugin (fixed in 6.1.1). Unauthenticated admin account creation, actively exploited; attacks already blocked at scale.
• CIFSwitch — 19-year-old Linux kernel flaw across multiple distributions. Local privilege escalation to root; PoC released.
• Miasma worm — 32+ official @redhat-cloud-services npm packages. Actively exploited self-propagating credential-stealing worm via malicious preinstall hook; steals cloud creds and CI/CD secrets, can republish packages.
• Drupal Core 10.5.5 — error-based SQL injection; PoC published.
• WordPress OrderConvo 14 — path traversal; PoC published.
• phpBB 4.0.0-alpha1 — blind POST SSRF in Web Push (coordinated disclosure with phpBB).
• CVE-2026-2332 (Oracle REST Data Services) and CVE-2025-15467 / CVE-2025-58050 / CVE-2026-25646 (Oracle Communications Unified Assurance) — older flaws in embedded open-source components with PoC code reportedly circulating; Oracle advises patching these first. CVE-2025-58050 was first made public last August.
• Move over, Mythos. Here comes... pretty much any other model with a good harness — Why it's worth your time: Argues the harness around a model matters more than which model you pick for most AppSec work. A sharp counter to model-hype that reframes how you evaluate AI security tooling.
• A Reference Architecture for Containing Agents: What Cequence Built and Anthropic Arrived At Independently — Why it's worth your time: Makes the case that prompt-injection detection and identity gateways aim at the wrong boundary, and offers a containment architecture for agent tool access. Useful if you're designing agent guardrails.
• Stop Treating Mobile App Security Like Web Security — Why it's worth your time: Unpacks why the web-security mental model breaks on mobile, where sensitive logic ships inside the client. A blind spot many teams carry into mobile reviews.
• Containers on fire: from container escapes to supply chain attacks — Why it's worth your time: Kaspersky Securelist maps the primary container attack vectors — exposed secrets, privilege misconfigs, API compromise, and supply chain — a primary-source technical reference for hardening containerized workloads.
• Scala Security Audit (Quarkslab / OSTIF) — Why it's worth your time: Quarkslab's first OSTIF-funded audit of Scala 3 is a primary-source look at how a major language toolchain gets hardened through static and dynamic analysis.
• Microsoft Defender Vulnerability Management gets a smarter exposure score — Why it's worth your time: Defender's new model blends exploitability signals and asset context into the exposure score — a concrete example of the shift from raw CVSS toward risk-based prioritization the NVD story gestures at.