Vulnerability databases, such as the National Vulnerability Database (NVD), offer detailed descriptions of Common Vulnerabilities and Exposures (CVEs), but often lack information on their real-world impact, such as the tactics, techniques, and procedures (TTPs) that adversaries may use to exploit the vulnerability. However, manually linking CVEs to their corresponding TTPs is a challenging and time-consuming task, and the high volume of new vulnerabilities published annually makes automated support desirable. This paper introduces TRIAGE, a two-pronged automated approach that uses Large Language Models (LLMs) to map CVEs to relevant techniques from the ATT&CK knowledge base. We first prompt an LLM with instructions based on MITRE's CVE Mapping Methodology to predict an initial list of techniques. This list is then combined with the results from a second LLM-based module that uses in-context learning to map a CVE to relevant techniques. This hybrid approach strategically combines rule-based reasoning with data-driven inference. Our evaluation reveals that in-context learning outperforms the individual mapping methods, and the hybrid approach improves recall of exploitation techniques. We also find that GPT-4o-mini performs better than Llama3.3-70B on this task. Overall, our results show that LLMs can be used to automatically predict the impact of cybersecurity vulnerabilities and TRIAGE makes the process of mapping CVEs to ATT&CK more efficient. A replication package is available for download from https://doi.org/10.5281/zenodo.17341503. Keywords: vulnerability impact, CVE, ATT&CK techniques, large language models, automated mapping.

Google has come up with a way to keep pedestrians who are hit by self-driving cars off the road... and stuck to the hood. The company has received a new patent for a protective coating on the car's hood, front bumper and front side panels that would act as flypaper, taking the pedestrian from struck to stuck. Google explains that when pedestrians are struck by cars, injury comes not only from the initial impact with the vehicle - but from the'secondary impact' when they hit the road or another car. The adhesive coating Google has proposed would be covered by another'protective coating' that would shatter from the impact of a collision, including one involving a person or animal. Google has received a new patent for an adhesive coating that would keep pedestrians stuck to the hood like flypaper in the situation they're hit by a self-moving car That would then expose the adhesive coating, which would bond the pedestrian to the vehicle and keep them from'bouncing off' into the street and incoming traffic.