VulnCheck bug listing to help track new threats quicker

VulnCheck, a US-based exploit intelligence specialist, has launched its own Known Exploited Vulnerabilities (KEV) catalogue, with the aim of publicising impactful common vulnerabilities and exposures (CVEs) more widely among end-users.

The organisation said the tool, which will be accessible for free to those joining the VulnCheck community, will provide security teams and other defenders with intel on vulnerabilities that are being exploited in the wild, helping them better manage threats, figure out what needs to be prioritised, and stay ahead of problematic bugs.

The concept behind VulnCheck’s initiative drawns on the well-known KEV catalogue run by the US Cybersecurity Infrastructure and Security Agency (CISA), America’s counterpart to the UK’s National Cyber Security Centre (NCSC).

The CISA KEV catalogue is designed to track vulnerabilities than the agency assesses are a threat to US government bodies, and it mandates remediating or patching within a set timescale – these conditions do not apply to private organisations or members of the public.

However, CISA’s strict focus means it has been known to miss things. VulnCheck said that, at present, it is tracking 876, or 81%, more vulnerabilities exploited in the wild than CISA, and adding new bugs to its catalogue 27 days earlier than the Arlington, Virginia-based agency, which forms part of the Department of Homeland Security (DHS).

“The CISA KEV catalogue continues to be an invaluable tool and a driving force in our industry, but there is an opportunity for broader visibility and often earlier indicators into known exploitation,” said Anthony Bettini, founder and CEO of VulnCheck.

“This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.”

Recent research conducted by Coalition, a supplier of cyber risk and insurance services, found that the total number of CVEs disclosed was set to grow by 25% during 2024, hitting a new high of almost 35,000. In light of this rapid growth – and equally rapid exploitation by malicious actors – VulnCheck said the ability to move quickly and access a wide breadth of data were highly valuable assets to security teams, something it hopes it can provide through its own service.

Some of the key features of the new service include comprehensive CVE tracking, including all those listed by CISA; contextual exploit intelligence, including publicly available proof of concept (PoC) exploit code if possible; and exploit references. The new KEV provides citations for all CVEs listed to give defenders an idea of why a particular CVE has made the cut – for example, if one is being used by a ransomware gang, evidence of this will be given.

The tool is available now to community members via the VulnCheck KEV dashboard, machine-readable JSON, and the VulnCheck KEV API endpoint.