Alexandre Dulaunoy

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable

Matrix
@adulau:matrix.circl.lu
PGP FP
6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5
Alexandre Dulaunoy boosted:
2025-12-17

Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.

The CPE mentioned in this obscure vulnerability description is "Cisco Secure Email".

CVE-2025-20393

#cve #vulnerabilitymanagement #cybersecurity #cisco #ciscosecureemail

🔗 vulnerability.circl.lu/vuln/CV

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-17

@quinn Maybe Alex K. got the right substance if you are so tired 😇

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-17

Why it matters to create and maintain open-source infrastructure for security monitoring including collection of forums and malicious communication channels.

This is a strong example (Google dark web report is discontinued) of the risks of relying solely on commercial vendors. If a capability does not align with their business interests or generate sufficient revenue, it can be discontinued at any time. Open-source infrastructure helps ensure continuity, transparency, and long-term access to critical monitoring capabilities that are essential for the security community.

If you want to run your own "darkweb" monitoring, we develop open source tooling supporting such monitoring.

#darkweb #opensource #osint #cybersecurity

🔗 support.google.com/websearch/a

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-17

@hyc Sounds like a fair deal.

Alexandre Dulaunoy boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-12-17

Something that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?

It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.

#opensource #security #bugbounty

Alexandre Dulaunoy boosted:
2025-12-16
Rust is not a "silver bullet" that can solve all security problems, but it sure helps out a lot and will cut out huge swatches of Linux kernel vulnerabilities as it gets used more widely in our codebase.

That being said, we just assigned our first CVE for some Rust code in the kernel: https://lore.kernel.org/all/2025121614-CVE-2025-68260-558d@gregkh/ where the offending issue just causes a crash, not the ability to take advantage of the memory corruption, a much better thing overall.

Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase, so as always, everyone should be upgrading to newer kernels to remain secure overall.

Alexandre Dulaunoy boosted:
2025-12-16

As we approach the end of the year, we have a small gift for everyone.

We ran a series of Rust training sessions as an introduction to the Rust programming language, and we recorded them. The videos, along with the training materials, are now available online.

Thanks to Quentin Jerome and all the participants for their contributions.

📽️ youtube.com/playlist?list=PLhS
🔗 github.com/ngsoti/rust-trainin

#rust #rusttraining #programming #cybersecurity #opensource #training

Alexandre Dulaunoy boosted:
Alexandre Dulaunoy a@paperbay.org
2025-12-14

KPI - Key Pointless Indicator should be the proper definition.

#kpi #bureaucracy

Alexandre Dulaunoy boosted:

MISP v2.5.30 and v2.5.29 released: Beta UI/UX Mode, New Workflow modules and Performance Enhancements

This release introduces a foundational beta UI/UX mode (which will be the foundation for the next versions, feedback is more than welcome), new workflow modules, improvements to the Event Index, and important security updates.

🔗 misp-project.org/2025/12/13/mi

#cti #opensource #misp

@cosive
@circl
@cudeso

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-13

BRICKSTORM Backdoor

"The Cybersecurity and Infrastructure Security Agency (CISA) analyzed eight BRICKSTORM samples obtained from victim organizations. BRICKSTORM is a custom Executable and Linkable Format (ELF) Go-based backdoor. "

MISP standard and STIX files available at the following location:

🔗 cti-transmute.org/convert/deta

@misp
@cisacyber

#backdoor #cti #brickstorm #malware #threatintel #threatintelligence #cybersecurity

Alexandre Dulaunoy boosted:
2025-12-12

AIL v6.6 is a release with a strong focus on PDF ingestion (captured from social networks or other collection sources) and translation, crawler improvements, and operational enhancements across users, queues, and metadata handling.

This version significantly expands AIL’s document-processing and data-collection capabilities by introducing a hardened PDF ingestion pipeline where all PDFs are converted to PDF/A and stripped of embedded metadata before ingestion to remove malicious content.

It also allows users to browse content locally with Lacus and send captured pages directly to AIL as crawler data, along with associated browser cookies and local storage imported as a cookiejar for reuse by the crawler, while continuing to improve reliability, scalability, and analyst workflows.

ail-project.org/blog/2025/12/1

#cti #opensource #threatintelligence #ail #darkweb #cybersecurity #intelligence #osint

@circl
@terrtia

The PDF metadata are also now considered as new pivot data points (e.g. author name) in AIL to allow correlation among those selectors. The example below is an automatic conversion of a PDF document processed in AIL from a chat channel, where the translation is done automatically and displayed as an overlay on the original text.

Alexandre Dulaunoy boosted:

MISP v2.5.28 delivers critical security fixes, a major dashboard upgrade to Gridstack 12, and significant platform stability enhancements. This release includes extensive XSS vulnerability patching, refined tag filtering logic, and better support for meta Communities.

Don't forget to update.

#misp #cti #threatintelligence #opensource #cybersecurity

misp-project.org/2025/12/11/mi

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-10

If you want a quick way to install misp-modules, the installation via ‘uv’ is super easy.

#misp #cti #opensource #threatintel

@misp

misp.github.io/misp-modules/in

Alexandre Dulaunoy boosted:
2025-12-09

React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more. greynoise.io/blog/cve-2025-551
#React2Shell #Nextjs #GreyNoise #ThreatIntel

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-09

GCVE-BCP-02 Published - Version 1.3 (2025-12-09)

We’re pleased to announce the publication of GCVE-BCP-02 – Practical Guide to Vulnerability Handling and Disclosure, now available in its version 1.3.

This Best Current Practice document provides actionable guidance for organisations, researchers, and GCVE Numbering Authorities (GNAs) on managing and disclosing vulnerabilities effectively, both within the GCVE ecosystem and beyond.

🔗 Read it here: (HTML)

gcve.eu/bcp/gcve-bcp-02/

🔗 Read it here: (PDF)

gcve.eu/files/bcp/gcve-bcp-02.

Thank you to everyone contributing to the improvement and adoption of vulnerability handling and disclosure practice!

@gcve@social.circl.lu
@gcve@discourse.ossbase.org
@circl
@vulnerability_lookup

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-07

@ploum

For years now we should have been investing more time in SearXNG (the SearX fork) and building distributed indexes. But it is heavy and expensive.

Indexing one month of Common Crawl (commoncrawl.org/) requires substantial infrastructure for what is ultimately fairly limited visibility.

🔗 docs.searxng.org/

🔗 searx.space/

We have plenty of free-software building blocks, which is good, but the search engine part remains a weak point.

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-06

@hrbrmstr

Quarto self-publishing is usually great and no need to host at an unstable third-party.

quarto.org/

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-06

We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.

Comments are more than welcome!

#gcve #cve #vulnerability #openstandard

@gcve
@circl

🔗 discourse.ossbase.org/t/gcve-b
