Alexandre Dulaunoy

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable

Alexandre Dulaunoy boosted:
2025-05-28

AIL 6.2 released - Smarter Analysis, Search and Enhanced User Experience

We’re excited to release AIL Framework v6.2, a major update with new features and improved performance. This version makes analysis easier and the overall experience faster and more user-friendly.

Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.

🔗 ail-project.org/blog/2025/05/2

#darkweb #threatintelligence #threatintel #cti #opensource #osint

AIL Project extracting social network information and extracting the description of the image.
Alexandre Dulaunoy boosted:
2025-05-28

@adulau yes this focus on certification is a real issue of our industry in many aspects... I was also surprised when I saw a NIS2 lead implementer certification and then I realized it was a real PECB certification scheme, all of this while i) the only available Implementing Regulation focuses on the digital infrastructure sector/digital service providers and ii) the directive has been transposed in approx only half of the EU countries...

Alexandre Dulaunoy boosted:
Frederic Jacobs fj
2025-05-28
Airplanes being re-routed to protect them from Starship debris
Source: https://x.com/DJSnM/status/1897844400472178841
Alexandre Dulaunoy adulau@infosec.exchange
2025-05-28

Spotted yet another "NIS 2 certified" title on LinkedIn. Impressive, considering NIS 2 doesn't actually have a certification.

Are training agencies just inventing fantasy diplomas so people can avoid reading the actual NIS 2 directive?

Maybe we need a "Certified NIS 2 Reader" badge, read the document once, and you're more qualified than half the certifications out there.

#certification #nis2 #cybersecurity

Alexandre Dulaunoy boosted:
2025-05-28

The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.

In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.

lief.re/blog/2025-05-27-dwarf-

(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)

Alexandre Dulaunoy boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-05-27

CVE-2024-4367 (PDF.js) is gaining traction in some exploitation-focused Telegram channels...

vulnerability.circl.lu/cve/CVE

seen via @ail_project

#vulnerability #opensource #threatintelligence #cve #exploit

Alexandre Dulaunoy adulau@infosec.exchange
2025-05-26

CVE-2024-4367 (PDF.js) is gaining traction in some exploitation-focused Telegram channels...

vulnerability.circl.lu/cve/CVE

seen via @ail_project

#vulnerability #opensource #threatintelligence #cve #exploit

Alexandre Dulaunoy boosted:
Alexandre Dulaunoy a@paperbay.org
2025-05-25

How to Choose an Open Source Project for the Long Term

Many of us face the challenge of selecting open source projects for long-term use. This could involve choosing dependencies for your own open source project, or simply selecting software you plan to run and rely on over time.

📖 foo.be/2025/05/choose-an-open-

#opensource #freesoftware #software #oss #floss #foss

a bigger splash from
https://www.flickr.com/photos/adulau/54512012779/
Alexandre Dulaunoy adulau@infosec.exchange
2025-05-23

@BenAveling I didn’t know that one. It’s the museum of horrors ;-) @mhoye

Alexandre Dulaunoy boosted:
2025-05-22

New version of Lookyloo and Lacus just fresh out of the oven!

These ones are mostly improving the support of proxies thanks to the great Wireproxy.

All the details are in the release notes:

github.com/Lookyloo/lookyloo/r

Alexandre Dulaunoy adulau@infosec.exchange
2025-05-22

The VLAI severity model is doing great with #Ivanti ;-)

#vulnerability #cybersecurity #opensource

The model is completely open source and available to facilitate the ranking or severity based on a description only.

🔗 vulnerability.circl.lu/vuln/cv

Screenshot of vulnerability.circl.lu (vulnerability-lookup):
CVE-2025-4427 (GCVE-0-2025-4427)
Vulnerability from cvelistv5
Published: 2025-05-13 15:45
Modified: 2025-05-21 03:55
Severity: 5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score: 61.10% (0.98181)
Summary: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Alexandre Dulaunoy adulau@infosec.exchange
2025-05-22

@jbm In my opinion, the CRA is more of an exception compared to the standard CVD process. It typically only addresses known exploited vulnerabilities, which usually end up being handled through a standard CVD process under NIS 2.

Alexandre Dulaunoy boosted:
Jean-Baptiste Maillet jbm@infosec.exchange
2025-05-22

Did you know?
CIRCL's vulnerability-lookup is mentioned in the LF/OpenSSF CRA training. (screencap, top left)
vulnerability.circl.lu/
training.linuxfoundation.org/e
@adulau
#circl #vulnerability-lookup #cra

Alexandre Dulaunoy adulau@infosec.exchange
2025-05-21

We implemented a major new feature in the AIL Project that addresses a long-standing issue related to the collection of images or screenshots that may be harmful to analysts (e.g., violent content, CSAM, etc.). The feature allows users to trigger the description of an image before actually viewing it.

The feature will be included in the upcoming release of AIL (version 6.2).

This work is co-funded in the AIPITCH project. We would like to thank Qwen for the open source Qwen2-VL vision-language models which provide an excellent basis for image detection and description while allowing local inferences.

@aipitch @circl @ail_project

#ai #cybersecurity #visual #darkweb #monitoring #threatintelligence #opensource

AIL Project screenshot using the new visual LLM description of images.
Alexandre Dulaunoy boosted:
mhoye mhoye
2025-05-21

Watching Microsoft’s robots telling Microsoft’s other robots that they need to agree to Microsoft CLAs in between Microsoft’s developers begging Microsoft’s robots to actually understand the problems they’re trying to fix in Microsoft's platform code on Microsoft's version-control website is kind of amazing.

This is definitely the future Terry Gilliam promised us.

A screenshot from a Github issue, in which the dotnet-policy-service bot is insisting that the copilot bot read and sign the Microsoft CLA
Alexandre Dulaunoy adulau@infosec.exchange
2025-05-21

@mhoye CLAs are just tools invented by lawyers to exploit human contributions. Seeing a bot get blocked feels like a bit of karmic payback aimed at the legal team.

Alexandre Dulaunoy boosted:
2025-05-21

TR-94 - Ongoing Phishing Campaigns Targeting Microsoft 365 Tenants Lacking Multi-Factor Authentication

We observed more than 48 organisations in Luxembourg with M365 account compromised in the past 7 days starting from 21st May 2025.

🔗 circl.lu/pub/tr-94/

#cybersecurity #office365 #incident #phishing #luxembourg

Alexandre Dulaunoy boosted:
2025-05-19

#MISP connector available in Cyberbro demo thanks to the @circl that allowed it!

#cti #threatintel #osint

cyberbro demo with ioc
Alexandre Dulaunoy boosted:
2025-05-19

🛠️ Cyberbro has now a #MISP connector!

Use your MISP events to check observables:

- last seen
- first seen
- top 5 latest MISP events
- Research link in MISP

#ioc #cti #threathunting

⬇️⬇️⬇️

github.com/stanfrbd/cyberbro/

Poke @misp @circl

image of cyberbro report with MISP integration
Alexandre Dulaunoy boosted:
2025-05-19

The hack.lu 2025 Call for Papers closes in just 1 day! If you’ve been planning to submit a talk, workshop, or lightning talk — now’s the time to do it.

#conference #luxembourg #infosec #hacklu2025 #hacklu #cybersecurity

🔗 hack.lu/blog/hack.lu-2025-call
