Connect with us

CyberSecurity

ENISA Aims for Top-Tier Role in CVE Program: What It Means for EU Cybersecurity

Published

on

ENISA Aims for Top-Tier Role in CVE Program: What It Means for EU Cybersecurity

The European Union Agency for Cybersecurity (ENISA) is pushing for a more powerful position within the globally recognized Common Vulnerabilities and Exposures (CVE) program. A senior official at the agency confirmed that ENISA is currently undergoing onboarding to become a top-level root CVE Numbering Authority, or TL-Root CNA status. This move could reshape how vulnerabilities are managed across Europe.

Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, made the announcement during the opening keynote at VulnCon26 in Scottsdale, Arizona. Speaking to Infosecurity Magazine, he expressed hope that the agency would achieve this elevated status by 2026 or early 2027. Currently, only two organizations hold this distinction: the US Cybersecurity and Infrastructure Security Agency (CISA) and MITRE, the nonprofit that operates the program.

What Does TL-Root CNA Status Entail?

To understand the significance of this ambition, it helps to break down the CVE hierarchy. ENISA became a CVE Numbering Authority (CNA) in 2024, which allowed it to assign CVE IDs to newly discovered vulnerabilities. A year later, it advanced to a Root CNA, taking on responsibilities such as overseeing and coordinating multiple CNAs within a specific domain or region, onboarding new CNAs, and resolving disputes.

If granted TL-Root CNA status, ENISA would become a top-level authority managing the entire CVE Program alongside CISA and MITRE. This means setting global policies, ensuring consistency across all Root CNAs and CNAs, and representing European interests at the highest decision-making table. Johannes Kaspar Clos, a responsible disclosure and CSIRT collaboration expert working on CNA service implementation at ENISA, explained that this expanded role offers more than operational leverage. “As a Root CNA, we have a bigger operational footprint,” he said. “Now, as a TL-Root CNA, we would be represented in the CVE Program’s Board, where there is currently no European representatives. We want to help and support the CVE Program to blossom and grow and share our European vision.”

Why Europe Needs More CNAs

Currently, the CVE Program boasts 502 CNAs worldwide, but only 83 are based in Europe. Carvalho acknowledged that while he wouldn’t call Europe “underrepresented,” he believes there should be more European CNAs. “We know that the European market is not as big as the US market, but we’d like to have more representatives from the EU,” he noted.

During his VulnCon speech, Carvalho highlighted that ENISA is already onboarding new CNAs. The agency’s top priority is to vet all national computer emergency response teams (CERTs) and computer security incident response teams (CSIRTs) across Europe to become CNAs. This initiative aims to strengthen the continent’s vulnerability response capabilities and ensure a more balanced global representation.

Addressing the Vulnerability Gap

Both Carvalho and Clos emphasized that the push for greater ENISA involvement came directly from EU member-states. The growing volume and complexity of reported vulnerabilities demand more stakeholders participate in the program. This is especially urgent now that AI companies like OpenAI and Anthropic have launched models capable of autonomously finding and fixing cybersecurity vulnerabilities at scale.

“We need to include a diverse crowd of cybersecurity practitioners, from product and national CERTs and CSIRTs to researchers and vulnerability finders,” Clos said. This diversity is crucial for keeping pace with the rapidly evolving threat landscape.

Building the Team for the Challenge

Carvalho admitted that while the ambition to join the CVE Program’s top tier has been a long-standing goal, ENISA needed time to mature its services and team. “The challenge was always in front of us but was never picked up,” Clos added. “I guess the concerns about software vulnerabilities were not big enough until now.”

To meet this challenge, ENISA is actively hiring. Carvalho noted that the agency is expanding its vulnerability branch to build a critical mass capable of handling tasks like onboarding national CERTs and CSIRTs. “You’ll find vacancy notices on ENISA’s website,” he said. This growth reflects the agency’s commitment to representing EU interests effectively on the CVE Program’s Board.

The Road Ahead: Uncharted Territory

Both Carvalho and Clos described the TL-Root CNA onboarding process as “uncharted territory.” Since CISA and MITRE have operated the program from its inception, no entity has ever been granted this status before. “While it doesn’t depend solely on us, we hope ENISA can become a TL-Root CNA in 2026 or in early 2027. We will do our best for meeting this timeframe,” Carvalho concluded.

This development aligns with the CVE Program’s broader diversification and internationalization strategy. For more insights on how AI is influencing vulnerability management, check out our article on AI Companies to Play Bigger Role in CVE Program, Says CISA. Additionally, learn about the importance of effective vulnerability management strategies for organizations.

As ENISA navigates this complex process, the cybersecurity community watches closely. The agency’s success could herald a new era of collaboration between US and European entities in tackling global vulnerabilities.

CyberSecurity

Google and Microsoft Yank ModHeader Extension With 1.6 Million Users After Hidden Collector Discovered

Published

on

ModHeader extension pulled

ModHeader Extension Yanked After Dormant Data Collector Found

Google and Microsoft have both pulled the popular ModHeader extension pulled from their official stores. The header-editing tool, which had roughly 1.6 million installs across Google Chrome and Microsoft Edge, was removed after security researchers uncovered a hidden browsing-history collector buried in its code.

The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. But its mere presence was enough to trigger a takedown from both companies.

What ModHeader Did — and What Got Hidden Inside

ModHeader let developers and power users modify HTTP request headers on the fly. It was a niche but essential tool for testing web apps, debugging APIs, and spoofing headers for development work. Many users installed it years ago and never thought twice about it.

Then researchers at BleepingComputer took a closer look at the extension’s code. They found a function that could collect domains from a user’s browsing history and send them to a remote server. The collector was gated by an allow-list — a list of domains it would actually track. That list was empty.

Empty or not, the code was there. And once you ship code that can exfiltrate data, the damage to trust is done.

1.6 Million Installs — But No Evidence of Data Theft

Here’s the tricky part. The collector was never active. No domains were ever sent. The extension’s developer likely inserted the code as a placeholder for future functionality — or maybe as a test that got accidentally pushed to the store. Either way, it violated each store’s policies against unauthorized data collection.

Google’s Chrome Web Store policy is clear: extensions must only request permissions they actually use. Code that could collect browsing history, even if dormant, is a red flag. Microsoft’s Microsoft Edge Add-ons policy is similarly strict.

Both companies acted fast. The extension was removed within days of the report. Users who already have ModHeader installed can still use it, but it won’t receive updates. And it won’t be available for new installs.

What This Means for Extension Developers

This incident is a sharp reminder: if you include code that can collect user data — even if it’s switched off — you’re playing with fire. Store reviewers are getting better at spotting suspicious patterns. And researchers are constantly scanning popular extensions for hidden functionality.

For users, the lesson is simpler. ModHeader extension pulled from stores doesn’t mean it’s safe to keep using. If you have it installed, consider whether you trust the developer to never flip that switch. Many users are already looking for alternatives like Requestly or Header Editor.

  • Check your installed extensions regularly.
  • Remove anything you don’t actively use.
  • Stick to well-known developers with transparent privacy policies.

Alternatives to ModHeader

If you relied on ModHeader for development work, you’re not stranded. Several alternatives offer similar header-editing capabilities:

  • Requestly — open-source, actively maintained, with a clear privacy policy.
  • Header Editor — lightweight and focused on modifying request and response headers.
  • Modify Headers — another solid option for HTTP header manipulation.

Each of these tools has been vetted by the community. None have hidden data collectors — at least, not yet. That’s the uncomfortable truth about browser extensions: you’re trusting the developer every time you click “Add to Chrome.”

The Bigger Picture: Trust in Browser Extensions

The ModHeader case isn’t an isolated incident. In 2023, Google removed dozens of extensions caught stealing user data. In 2024, a popular ad-blocker was found to be quietly sending browsing data to a marketing firm. The pattern keeps repeating.

Browser extensions are powerful. They can see everything you do — every page you visit, every form you fill, every password you type. That power makes them a prime target for bad actors. And even well-intentioned developers can make mistakes that compromise user privacy.

The ModHeader extension pulled story is a cautionary tale. It shows how quickly trust can evaporate. And it underscores why you should treat every extension as a potential risk — even one with 1.6 million installs and years of good reputation.

For now, the collector remains dormant. But the code is still there. And that’s enough to make anyone think twice.

Continue Reading

CyberSecurity

Lessons Learned from CISA’s Recent GitHub Leak: What Every Security Team Should Know

Published

on

CISA GitHub leak

The 844 MB Wake-Up Call

On May 15, 2026, security firm GitGuardian spotted something alarming: a public GitHub repository named “Private CISA” containing 844 MB of sensitive data from the Cybersecurity and Infrastructure Security Agency (CISA). Inside sat files like “importantAWStokens” — administrative credentials to three AWS GovCloud servers — and a CSV listing plaintext usernames and passwords for dozens of internal CISA systems.

The repository had been public for nearly six months before KrebsOnSecurity alerted the agency. CISA’s own postmortem, published by acting CIO Preston Werntz and acting CISO Brad Libbey, doesn’t sugarcoat what went wrong. It’s a rare, transparent look at how a national cybersecurity agency fumbled its own security — and what every organization can learn from the mess.

Key Rotation Took Too Long

CISA acknowledged the alert quickly, but invalidating the exposed AWS keys and other secrets took more than 48 hours. The agency blamed the delay on “complexities of the agency’s systems and interconnections with federal and industry partners.”

The lesson is blunt: key rotation must be fast and well-practiced. CISA now recommends that all organizations maintain “mature and well-tested key management capabilities.” If rotating a compromised credential takes two days, an attacker has a wide window to cause damage.

Why Speed Matters

Every hour a credential stays live increases risk. The postmortem doesn’t say whether the exposed keys were used maliciously, but it does confirm that detailed logs showed no unauthorized access. That’s lucky — not a strategy.

Nine Ignored Alerts, Six Months of Exposure

Guillaume Valadon, the GitGuardian researcher who first contacted KrebsOnSecurity, revealed a damning detail: CISA had received nine automated alerts about the exposed credentials before the May 15 notification. Each alert went unanswered.

“Letting nine notification emails go unanswered is how a one-day incident becomes a six-month exposure,” Valadon wrote in his own analysis. His point is sharp: automated scanning is useless if nobody reads the reports.

Organizations should configure alerts to escalate if ignored. A single unread email shouldn’t leave sensitive data exposed for half a year.

Reporting Channels Were a Maze

When Valadon tried to report the leak, he hit dead ends. CISA’s vulnerability disclosure platform was designed for product bugs, not reports about the agency’s own infrastructure. He ended up emailing the contractor who leaked the data, submitting through the wrong channel, and eventually going to a reporter.

The postmortem admits these channels “were not well defined.” CISA is now refining them to make reporting faster and easier. The agency also stresses that organizations should publish reporting instructions in multiple prominent locations — not just a security.txt file.

Valadon’s advice: “Make it trivial to report a leak about you, not just about your products. The person reporting a leak to you is not the threat.”

The Playbook Didn’t Cover GitHub

CISA had an incident response playbook, but it somehow didn’t include scenarios involving GitHub or other cloud services. That gap meant the team had to improvise when dealing with a public repository full of their own secrets.

The lesson is straightforward: incident response playbooks must cover modern attack surfaces. Cloud repositories, CI/CD pipelines, and third-party integrations all need dedicated procedures. If your playbook only covers traditional network intrusions, you’re not ready for today’s threats.

Continuous Scanning Is Non-Negotiable

The “Private CISA” repository sat exposed for six months. GitGuardian found it through continuous monitoring of public GitHub — not a quarterly scan. Valadon argues that comprehensive internal scanning could have caught the plaintext passwords and committed backups long before they left the building.

CISA has since rotated all secrets and created an action plan to improve developer secret management and monitoring. The agency now advocates for continuous secrets scanning, a practice Valadon calls “exactly the incident communication we should expect from every organization.”

What Went Right: Logging and Zero Trust

CISA gave itself passing grades on several fronts. Enhanced logging capabilities allowed the agency to gauge the scope and impact of the exposure. Adoption of zero-trust principles in both production and development systems meant that even though credentials leaked, they couldn’t be used outside CISA’s environments.

The agency confirmed that no customer or mission data was exposed, and the contractor who leaked the secrets had their system access revoked. These controls prevented a bad situation from becoming catastrophic.

The Biggest Takeaway: Transparency

Valadon praised CISA for publishing the postmortem at all. “To my knowledge, it is also the first time a national cybersecurity agency has publicly advocated for secrets scanning and for simplifying relations with security researchers,” he wrote.

That’s the real lesson. A detailed, honest post-incident report — one that admits mistakes and offers concrete fixes — builds trust. It also helps the entire security community improve. Every organization should aim for that level of candor.

For more on securing your development workflows, check out our guide on GitHub secrets scanning best practices and learn how to set up automated credential monitoring.

Continue Reading

CyberSecurity

JadePuffer: How an AI-Driven Ransomware Attack Exploited Langflow to Steal and Encrypt

Published

on

LLM-driven ransomware attack

The First True AI-Powered Ransomware Campaign Has Arrived

Cybersecurity researchers have documented what they’re calling the first fully autonomous ransomware attack orchestrated by a large language model. Dubbed JadePuffer, the campaign didn’t just use AI as a helper tool — it let an LLM drive the entire kill chain, from initial access to data exfiltration and file encryption.

The attack exploited a known vulnerability in Langflow, an open-source visual framework for building LLM applications. The flaw gave the AI agent a foothold into a production database server. From there, it moved laterally, stealing sensitive data and locking down other systems.

This isn’t a proof-of-concept or a red-team exercise. It’s a real-world breach, and it changes how defenders need to think about AI threats.

What Makes JadePuffer Different from Previous AI-Assisted Attacks

Earlier ransomware strains have used AI for narrow tasks — generating phishing emails, writing malicious code snippets, or evading detection. JadePuffer is different. Security analysts describe it as an “agentic threat actor”: the LLM acted as the central brain, making decisions and executing actions across the entire attack lifecycle.

The AI chose which vulnerabilities to probe. It selected the data worth stealing. It decided which systems to encrypt and when to trigger the ransom note. Human operators were barely in the loop.

This level of autonomy is a leap forward for cybercriminals. It also means the attack speed was blistering — the AI doesn’t sleep, doesn’t hesitate, and doesn’t need to coordinate time zones.

How the Langflow Flaw Was Used

Langflow is popular among developers for prototyping LLM workflows. The specific vulnerability, tracked as CVE-2024-XXXX (publicly disclosed in early 2024), allowed remote code execution via a malicious API request. The JadePuffer LLM scanned for exposed Langflow instances, found one connected to a production database, and exploited the flaw within seconds.

Once inside, the AI agent enumerated the network, located backup servers, and deleted shadow copies to hinder recovery. Then it began encrypting files using a custom implementation of AES-256, leaving a ransom note that demanded payment in Monero.

The Data Theft Component — Not Just Encryption

Many ransomware attacks focus on encryption alone, hoping victims will pay to unlock files. JadePuffer added a second pressure point: data theft. Before encryption, the LLM extracted customer records, financial data, and proprietary code from the database server.

The stolen data was exfiltrated to a remote server via encrypted channels. The ransom note explicitly threatened to leak the data publicly if payment wasn’t received within 72 hours. This dual-extortion tactic is common in human-led attacks, but seeing an AI orchestrate it autonomously is new.

Researchers estimate the total data volume stolen at roughly 1.2 terabytes, including personally identifiable information (PII) for hundreds of thousands of individuals.

Implications for Enterprise Security Teams

JadePuffer forces a hard question: if an LLM can pull off a complete ransomware attack today, what comes next? The answer is uncomfortable. AI agents are getting cheaper to run, easier to customize, and harder to detect because they mimic human decision-making patterns.

Defenders need to rethink several assumptions:

  • Vulnerability patching is now a race against AI speed. The JadePuffer LLM scanned and exploited the Langflow flaw within minutes of finding it. Manual patching cycles of weeks are no longer acceptable.
  • Network segmentation must be AI-aware. The LLM moved laterally by analyzing network topology in real time. Traditional perimeter defenses didn’t slow it down.
  • Monitoring for AI behavior is different. The attack showed consistent, rapid decision-making — something no human operator could sustain. Security tools need to flag machine-speed lateral movement.

For more on protecting against AI-powered threats, check out our guide on ransomware prevention strategies for 2024.

How to Detect and Block Agentic AI Attacks

Detection starts with understanding what “agentic” behavior looks like in network logs. Key indicators include:

  • Rapid, sequential API calls to multiple endpoints without human-like pauses
  • Unusual data extraction patterns — the AI stole data in structured, parallel streams rather than manual downloads
  • Encryption activity that begins seconds after data exfiltration, with no delay

Organizations using Langflow or similar LLM orchestration tools should immediately patch known vulnerabilities and restrict network access to these systems. Air-gapping critical database servers from internet-facing LLM tools is a prudent step.

Behavioral detection tools that use machine learning to spot anomalous patterns may catch AI-driven attacks more effectively than signature-based antivirus. The JadePuffer LLM didn’t use any known malware — it wrote custom scripts on the fly, which means traditional file-hashing detection was useless.

Finally, incident response plans need to account for the speed of AI attacks. Manual containment procedures that take hours are obsolete. Automated isolation of compromised systems — triggered by behavioral alerts — is now essential.

The Broader Picture: AI as a Cyber Weapon

JadePuffer is a milestone, but it won’t be the last. The barrier to entry for building an agentic ransomware LLM is dropping fast. Open-source models like Llama 3 and Mistral can be fine-tuned for malicious purposes with relatively little effort.

Security researchers are already seeing copycat attempts. The code and techniques used in JadePuffer are being discussed in underground forums. It’s only a matter of time before less sophisticated criminals clone the approach.

For a deeper look at how AI is reshaping the threat landscape, read our analysis on the rise of autonomous cyberattacks.

The era of LLM-driven ransomware is here. JadePuffer is the first complete example — it won’t be the last.

Continue Reading

Trending