Posts by Alexandre Dulaunoy

Ransomlook 2.0 "Mira" Released - Observability, Crypto Traceability, and a Cleaner Core.

Thanks to all the contributors who helped and worked on this release. A huge thanks to @F_kZ_ for his continuous commitment to make ransomlook always better […]

[Original post on infosec.exchange]

1 week ago 2 2 0 0
Excited to share that the MITRE Fight Fraud Framework™ (F3) is now included in the default MISP galaxy and available across all MISP instances.

F3 is a curated knowledge base of tactics and techniques used by financial fraud actors, helping analysts structure, share, and enrich fraud-related intelligence more effectively.

A great step forward for the MISP community and for teams tracking financial fraud.

[Original post on infosec.exchange]

1 week ago 2 4 0 0
GCVE federated model

The GCVE.eu initiative will take part in hackathon.lu (14–15 April, Luxembourg), alongside core developers of GCVE-related projects. See you there to build, experiment, and collaborate!

#gcve #cve #opensource #openstandard #hackathon

🔗 https://hackathon.lu

@gcve
@circl

2 months ago 1 3 0 0
Drones/UAV encoded in MISP.

Have You Ever Thought About Drones in MISP?

To better support the documentation and analysis of drone-related incidents, several new resources have been integrated into MISP.

#drone #drones #intelligence #misp #opensource #uavs #uav

@misp

🔗 […]

[Original post on infosec.exchange]

1 month ago 2 5 0 0

This is basically like Mastodon for vulnerability records, except data actually propagates across the whole network instead of staying siloed. Federated vulnerability intelligence, along with legacy CVEs, all map into a shared global index with no single point of failure.

1 month ago 7 5 1 0
Have You Ever Thought About Drones in MISP? MISP Threat Intelligence & Sharing

Have You Ever Thought About Drones in MISP?

To better support the documentation and analysis of drone-related incidents, several new resources have been integrated into MISP.

#drone #drones #intelligence #misp #opensource #uavs #uav

www.misp-project.org/2026/03/10/h...

1 month ago 1 0 0 0
Call for papers is now open for hack.lu 2026 (the 20th edition!) Time to submit a talk, training or workshop to hack.lu

Call for papers is now open for hack.lu 2026 (the 20th edition!)

#hacklu #conference #cybersecurity #luxembourg #europe

2026.hack.lu/blog/hack.lu...

1 month ago 0 0 0 0
Original post on infosec.exchange

Acknowledging Reality in Vulnerability Disclosure.

Every few years, vulnerability disclosure is declared settled. We are told that the ecosystem has matured, that coordinated disclosure is the answer, and that whatever remains outside this model is either irresponsible, obsolete, or simply […]

2 months ago 1 3 0 0
EU Launches GCVE to Track Vulnerabilities Without Relying on US

#Europe launches GCVE to track security vulnerabilities without relying on the US, creating a new independent platform for reporting security flaws in software.

Read: hackread.com/eu-launches-...

#CyberSecurity #InfoSec #Vulnerabilities #EU #GCVE

3 months ago 1 1 0 0
GitHub - adulau/the-art-of-pivoting: The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World

The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World

#cybersecurity #cti #threatintelligence #osint #pivoting #threatintel

🔗 Source github.com/adulau/the-a...
🔗 PDF raw.githubusercontent.com/adulau/the-a...

3 months ago 1 1 0 0
GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure This guide provides actionable recommendations for GCVE GNA, software developers, open source project maintainers, vendors, and organizations to manage vulnerability reports from discovery to resoluti...

GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure.

version 1.3 published

gcve.eu/bcp/gcve-bcp...

#cve #gcve #cvd #vulnerabilitymanagement

4 months ago 0 0 0 0
Original post on infosec.exchange

We’ve published new research from the EU co-funded project NGSOTI: “Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP traffic”.

Over a 12-month period (Nov 2024–Oct 2025), our network telescope captured ~634 million unsolicited SNMP queries from more than 153,000 unique IPv4 […]

4 months ago 3 9 1 1
Updated MISP galaxy with more than 480+ UAVs/.

One entry of a UAV in the MISP galaxy.

The MISP Galaxy now includes an updated knowledge base of UAVs and drones covering both civilian and military models.

It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]

[Original post on infosec.exchange]

5 months ago 1 2 0 0
Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform at Unlock Your Bain conference Slides: Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platf...

We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @uybhys.bsky.social

#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity #gcve

🔗 www.vulnerability-lookup.org/2025/11/08/u...

5 months ago 6 3 0 0
Vulnerability management by @adulau.bsky.social and C.Bonhomme of #CIRCL🇱🇺 at #UYBHYS2025: they aggregate and correlate 27 sources 🇺🇸 🇨🇳 🇪🇺...👍🏻
AI prediction of severity from the text descriptions 🤩
#GCVE lets anyone publish vulnerabilities gcve.eu
www.vulnerability-lookup.org

5 months ago 6 4 0 0
What might one pay for this amount of excellence? Google suggests to me that $136,365.99 will get you ONE ENTIRE YEAR of the ability to use the product.

2 years ago 1 1 1 0
🚀 Kunai pushes further integration with MISP!

This week, we've made significant progress in bridging Kunai with @misp to enhance threat intelligence sharing. Our focus has been on developing kunai-to-misp, a new tool available at […]

[Original post on infosec.exchange]

1 year ago 0 5 0 0
Original post on infosec.exchange

During the hackathon.lu, we thought about making large datasets available locally to enable participants to conduct experiments or develop new open-source security tools.

A full Common Crawl dataset will be accessible, along with extensive passive DNS dumps.

If you think of a large open […]

1 year ago 0 5 0 0
Original post on infosec.exchange

Sonicwall (SonicOS) vulnerabilities.

SonicOS SSLVPN Authentication Bypass Vulnerability. CVE-2024-53704 sounds not very good but the others seem quite critical too.

Bundle created in @vulnerability_lookup from an imgur reference.

🔗 […]

1 year ago 1 2 0 0
cvelistv5 - CVE-2023-34990 Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

vulnerability.circl.lu/cve/CVE-2023...

#vulnerability #fortinet #cybersecurity

1 year ago 0 0 0 0
Improving Cybersecurity Impact Taxonomies Personal webpage of Alexandre Dulaunoy - from information security to open source and art

New blog post: Improving Cybersecurity Taxonomies Describing Impact and Cyber Harms Against Organizations

I’ve introduced a new MISP taxonomy & shared insights into the critical role of impact description in information sharing.

#CyberSecurity #MISP #taxonomies #taxonomy

foo.be/2024/12/Impr...

1 year ago 0 0 0 0
cve-2024-53054 withdrawn from NVD but published in GHSA.

Ever wondered what happens to rejected CVEs that still appear in other sources? Tools like vulnerability-lookup highlight these cases...

#vulnerability #cve #cybersecurity #opensource #opendata #linuxkernel

🔗 vulnerability.circl.lu/vuln/cve-202...

1 year ago 2 1 0 0
Alexandre Dulaunoy (@adulau@infosec.exchange) 971 Posts, 2.85K Following, 2.1K Followers · Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff. The other side is at @a@paperbay.org (photography, art and free so...

I'm more using the #fediverse infosec.exchange/@adulau and paperbay.org/@a

1 year ago 0 0 0 0