Storm Watch by GreyNoise Intelligence

Cyber Threat Showdown: TikTok Malware, Exploit Scoring Wars & Real-World Attacks

June 3, 2025·50 min
Episode Description from the Publisher

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and

Podzilla Summary coming soon

Sign up to get notified when the full AI-powered summary is ready.

Get Free Summaries →

Free forever for up to 3 podcasts. No credit card required.

Listen to This Episode

Apple Podcasts

More from Storm Watch by GreyNoise Intelligence

ASUS Router Botnet Attack: AI Uncovers Hidden Backdoor

May 27, 2025·1h 4m

AI Layoffs, Bug Bounty Fails & Cyber Workforce Crisis

May 13, 2025·57 min

Biggest Cybersecurity Threats EXPOSED: Zero-Day Attacks, Chinese Hackers & Enterprise Breaches

May 6, 2025·52 min

2025 Cybersecurity Report Breakdown: FBI, Mandiant, GreyNoise, VulnCheck

April 29, 2025·1h 1m
View all episodes →

Get summaries like this every morning.

Free AI-powered recaps of Storm Watch by GreyNoise Intelligence and your other favorite podcasts, delivered to your inbox.

Get Free Summaries →

Free forever for up to 3 podcasts. No credit card required.