Slashdot

News for nerds, stuff that matters

NIST Limits CVE Enrichment After 263% Surge In Vulnerability Submissions

NIST is narrowing how it handles CVEs in the National Vulnerability Database (NVD), saying it will only automatically enrich higher-priority vulnerabilities. "CVEs that do not meet those criteria will still be listed in the NVD but will not automatically be enriched by NIST," it said. "This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025. We don't expect this trend to let up anytime soon." The Hacker News reports: The prioritization criteria outlined by NIST, which went into effect on April 15, 2026, are as follows:

- CVEs appearing in the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog.
- CVEs for software used within the federal government.
- CVEs for critical software as defined by Executive Order 14028: this includes software that's designed to run with elevated privilege or managed privileges, has privileged access to networking or computing resources, controls access to data or operational technology, and operates outside of normal trust boundaries with elevated access.

Any CVE submission that doesn't meet these thresholds will be marked as "Not Scheduled." The idea, NIST said, is to focus on CVEs that have the maximum potential for widespread impact. "While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories," it added. [...]

Changes have also been instituted for various other aspects of the NVD operations. These include:
- NIST will no longer routinely provide a separate severity score for a CVE where the CVE Numbering Authority has already provided a severity score.
- A modified CVE will be reanalyzed only if it "materially impacts" the enrichment data. Users can request specific CVEs to be reanalyzed by sending an email to the same address listed above.
- All unenriched CVEs currently in backlog with an NVD publish date earlier than March 1, 2026, will be moved into the "Not Scheduled" category. This does not apply to CVEs that are already in the KEV catalog.
- NIST has updated the CVE status labels and descriptions, as well as the NVD Dashboard, to accurately reflect the status of all CVEs and other statistics in real time.

Read more of this story at Slashdot.

Gazing Into Sam Altman's Orb Could Solve Ticket Scalping

An anonymous reader quotes a report from Wired: Sam Altman's iris-scanning, humanity-verifying World project announced at an event in San Francisco on Friday that Tinder users around the globe can now put a digital badge on their profiles signaling to potential suitors that they're a real human, provided they've already stared into one of World's glossy white Orbs and allowed their eyes to be scanned. The announcement follows a pilot project for Tinder verification that World previously conducted in Japan.

[...] In addition to the Tinder global expansion, Tools for Humanity, the company behind World, announced a number of other consumer and enterprise partnerships on Friday at its Lift Off event in San Francisco. The startup says Tinder users who verify with their World ID will receive five free "boosts," typically a paid feature that increases the number of users who see a profile by up to 10 times for 30 minutes. The videoconferencing platform Zoom also says that users can now require other participants to verify their identity with World before joining a call. Docusign, the contract signing software, will allow users to require World's identity verification technology.

Tiago Sada, Tools for Humanity's chief product officer, tells WIRED the company sees major platform partnerships as key to helping World become a mainstream identity-verification technology. Sada said he's especially interested in working with social media companies in the future, and was encouraged to see that Reddit has started testing World as a solution to help users distinguish bots from real people. [...] World is also launching a tool called Concert Kit, which lets artists reserve concert tickets for verified humans, a pitch aimed squarely at the bot-driven scalping problem that critics say has plagued sites like TicketMaster. World will test the feature on the upcoming Bruno Mars World Tour featuring Anderson .Paak, who is scheduled to play a verified-humans-only show under his alias DJ Pee .Wee in San Francisco on Friday night. "The idea that World ID is not just private, but it's one of the most private things you've ever used, that's not obvious," says Sada. "We're just not used to this kind of technology. Many people used to tape their [iPhone's sensor used to enable] Face ID when it came out, then we got used to it."


Mozilla 'Thunderbolt' Is an Open-Source AI Client Focused On Control and Self-Hosting

BrianFagioli writes: Mozilla's email subsidiary MZLA Technologies just introduced Thunderbolt, an open-source AI client aimed at organizations that want to run AI on their own infrastructure instead of relying entirely on cloud services. The idea is to give companies full control over their data, models, and workflows while still offering things like chat, research tools, automation, and integration with enterprise systems through the Haystack AI framework. Native apps are planned for Windows, macOS, Linux, iOS, and Android. Thunderbolt allows organizations to do the following:
- Run AI with their choice of models, from leading commercial providers to open-source and local models

- Connect to systems and data: Integrate with pipelines and open protocols, including: deepset's Haystack platform, Model Context Protocol (MCP) servers, and agents with the Agent Client Protocol (ACP)

- Automate workflows and recurring tasks: Generate daily briefings, monitor topics, compile reports, or trigger actions based on events and schedules

- Work seamlessly across devices with native applications for Windows, macOS, Linux, iOS, and Android

- Maintain security with self-hosted deployment, optional end-to-end encryption, and device-level access controls


Amazon's New Fire TV Sticks No Longer Support Sideloading

Amazon's newest Fire TV Sticks are dropping support for normal sideloading, blocking apps from outside the Amazon Appstore unless the device is registered with developers. Cord Cutters News reports: This week, Amazon announced the upcoming launch of a new Fire TV Stick HD. The new model will run on Amazon's Vega OS, rather than Android, so most streaming apps will be supported, but users won't be able to add third party apps. Now, on the product page to preorder the new Fire Stick, some Amazon customers are getting a message warning them that the new model won't allow sideloading. Interestingly, not all customers are getting the message, whether signed in to an Amazon account or not.

The message, shown in a screenshot below, says: "For enhanced security, this device prevents sideloading or installing apps from unknown sources. Only apps from the Amazon Appstore are available for download." [...] The Fire TV Stick Select, announced in September 2025, also runs on Vega and some customers will see the same message about sideloading on that product page. [...] While Amazon continues to be a "multi-OS company," we should expect that future Fire TV models will also be built with Vega OS, limiting the apps users can access with their streaming devices to those from the Amazon Appstore.


MetaFilter

The past 24 hours of MetaFilter

Is It Time What?

This clock displays the current time alphabetically.

"Never met him"

"No living American historian is as prolific as Blake Whiting. In one week alone last fall, he published 13 books on a host of complex archaeological and historical subjects, ranging from the collapse of Near Eastern civilizations in 1177 BCE to the recent discovery of a huge Silk Road–era city in Central Asia."
Who Is Blake Whiting? The most astonishingly productive historian in recent times is someone you'll never meet

"...Amazon sells his hardbacks for $28.99, the paperbacks for $20.99, and the Kindle versions for a bargain $7.99. What you can't buy from Amazon at any price, however, is Blake Whiting's CV. Though the books claim to be copyrighted in his name, you won't find an author picture or bio, nor will you find his website or Instagram. He does not belong to the faculty of any college or university, and he is unknown to those academics he cites in his books—which are not actually copyrighted. Whiting, as you have guessed, is neither historian nor human."

VK: Front page

Volkskrant.nl offers the latest news, opinion and background

Iran says it will not hand over enriched uranium, contradicting Trump's claims • CNN: peace talks to resume Monday

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Clair Obscur and Dispatch share top honours at Bafta games awards

Role-playing adventure and superhero comedy among big winners on a varied night in London

With 12 nominations, acclaimed role-playing adventure Clair Obscur: Expedition 33 was expected to be the runaway success at the 2026 Bafta games awards, held in London on Friday evening.

And while it couldn’t quite match its nine wins at the Game Awards back in December, it was still the joint biggest winner on the night, taking best game and debut game as well as the performer in a leading role award for Jennifer English.

Continue reading...

Rashford faces summer in post-loan limbo but Carrick says door at United is not closed

  • Barcelona increasingly unlikely to make loan permanent

  • United keen to sell forward but few can afford wages

Marcus Rashford could have a summer of transfer limbo in store despite Michael Carrick admitting the door is not completely closed on the forward playing for Manchester United again. Rashford is currently on loan at Barcelona but it is becoming increasingly unlikely the move will be made permanent, which will obligate a return to Old Trafford where he would receive a wage rise if the club qualify for the Champions League.

The 28-year-old has not played for United since December 2024, spending the past 16 months out on loan at Aston Villa and Barcelona, who have the option to purchase Rashford for €30m (£26m). United sit comfortably in third, seven points above Saturday’s opponents, sixth-placed Chelsea, but will not want to see the gap close come full time at Stamford Bridge.


Arsenal will not play for a draw in Manchester City face-off, insists Arteta

  • Arsenal coach sees trip to Etihad as ‘a big opportunity’

  • Bukayo Saka still unavailable with an achilles problem

Mikel Arteta will go all out for victory in Sunday’s Premier League title showdown at Manchester City and has not thought for “one second” about setting up for a draw.

Arsenal are six points clear of City, albeit they have played an extra game, and a stalemate could move them decisively towards the trophy they crave. According to Opta’s projections, Arsenal would have an 89% probability of winning the title if it finished all square at the Etihad Stadium.


Frank Lampard delight as nervy draw at Blackburn seals promotion for Coventry

Coventry City are finally back in the big time for the first time in a generation. After 25 years away, a period during which the club changed stadiums, hit financial rock bottom and plummeted to the depths of League Two as recently as 2017-18, manager Frank Lampard has led them to the promised land, with this 1-1 draw sealing a famous promotion.

The Sky Blues struggled to find a way past Blackburn for much of this tense evening and went behind to Ryoya Morishita’s strike, before Bobby Thomas blew the lid off the away end at Ewood Park with a header that will go down in Coventry folklore. The Premier League is calling once again.


Peaceful

BertvB posted a photo:


Jeffrey Gibson, I Know You Have a Lot of Strength Left

Thomas Hawk posted a photo:


America

Thomas Hawk posted a photo:


The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Intel eases reliance on TSMC with 'Merica-made Core Series 3 processors

Stripped-down Ultra for laptops and low-power edge boxes

Intel brought a few more chips home from Taiwan this week, with a new round of budget-oriented Core Series 3 processors fabbed right in the US-of-A.…

Formula 1 News

Formula 1® - The Official F1® Website

Audi team battle key to Bortoleto betting success

An exciting season match bet battle is brewing at Audi.

this isn't happiness.

ART, PHOTOGRAPHY, DESIGN & DISAPPOINTMENT INSTAGRAM ★ ELSEWHERES

Octopussy, Min Ding

Suck it up, Penique Productions

Too tired, Anastasia Sierra

Friday Squid Blogging: New Giant Squid Video

Pretty fantastic video from Japan of a giant squid eating another squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.