Cyber threats
Barometer

In April 2025, the American organisation MITRE found itself at the centre of a significant crisis. 16 April was the expiry date for US federal funding for the CVE programme at the Cybersecurity and Infrastructure Security Agency (CISA), with no renewal having been agreed. This situation, the result of massive budget cuts decided by the US government as part of a policy to ‘rationalise’ public spending, jeopardised the continuity of this critical service for global cybersecurity.

MITRE quickly sounded the alarm to the community, emphasising that the termination of the CVE programme would have serious and immediate consequences: disruption of the vulnerability database, weakening of risk management tools, and difficulty for businesses and governments to respond effectively to security breaches.

Faced with the scale of the mobilisation and awareness of the risk that removing this organisation from the cyber landscape would entail, the CISA finally announced on the morning of 16 April that it was extending the contract for 11 months, ensuring the continuity of the CVE programme until March 2026. MITRE was nevertheless forced to lay off 442 employees as a result of the loss of government contracts.
Meanwhile, a coalition of CVE committee members created the CVE Foundation, a new non-profit organisation, to ensure the programme’s long-term future, regardless of political developments. The EUVD (European Union Vulnerability Database) has also been put forward as a possible alternative within the European Union.

This event highlighted the critical dependence of the global cybersecurity ecosystem on US public/private infrastructure such as MITRE. It also served as a reminder of the fragility of these systems in the face of political decisions, while emphasising the importance of stable governance and sustainable funding to guarantee digital security for all.

MITRE is a US non-profit organisation founded in 1958, whose mission is to work in the public interest, primarily in the fields of systems engineering, information technology, defence, aeronautics, health and, of course, cybersecurity. MITRE operates several research and development centres funded by the US federal government and develops tools and repositories that have become essential for the global cyber community, such as:

• CVE (Common Vulnerabilities and Exposures): a universal catalogue of computer security vulnerabilities used by all industry players to identify, reference and communicate vulnerabilities
• CWE (Common Weakness Enumeration): classification of software weaknesses.
• ATT&CK Framework: repository of tactics and techniques used by cyber attackers

These tools have become global standards, facilitating coordination between researchers, software publishers, governments and businesses for cyber risk management.

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks…It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.