🎙️ runZero Hour Recap: CVE chaos, MCPs, and the fight for better vulnerability data! In Episode 19, @todb sat down with @rk and Jerry Gamblin to dissect the state of vulnerability data along with some other hot topics:

👉 Model Context Protocols (MCPs) as APIs for APIs

👉 The human-in-the-loop gap in LLM security tooling

👉 Why CVE inflation is real — and dangerous

👉 What’s missing from CVE publishing workflows

👉 Rapid response rundown on Roundcube, ScreenConnect, and ASUS routers

🧠 Read the recap and watch the full episode here:
https://www.runzero.com/blog/runzero-hour-19-recap/

To clarify, I tagged @hdm because his excellent product, @runZeroInc has started cataloging and enumerating things like KVM switches.

I am not being paid for this endorsement... But my sisters in Christ, you can't remediate assets you don't see. A tool like runZero is really great at asset discovery and classification. Give the Community Edition a spin if you wanna play with it!

https://www.runzero.com/platform/community-edition/

🎙️ Just dropped! Our own @hdm joins the amazingly entertaining and talented crew on Paul's Security Weekly to discuss finding all the things and why vulnerability management is dead as we know it.

Tune in for hot takes on why we need better ways to find and manage risky things, spicy opinions on AI in security, fun methods for fingerprinting devices, external scanning strategies, and way more.

Plus, hear how the PSW crew uses runZero's free Community Edition to track down random devices everywhere, and how you can now use runZero to discover devices using default credentials (eek!).

Shout out to @paulasadoorian, Mandy Logan, @haxorthematrix, @joshuamarpet, Lee Neely, @sambowne and Bill Swearingen for an awesome episode!

📺 Watch the full show (#880) here or stream it on your favorite service:
https://www.runzero.com/resources/is-vuln-management-dead-psw-880/

👉 Get the much discussed Community Edition here: https://www.runzero.com/platform/community-edition/

💡 Learn more about our new Nuclei integration and finding default creds here: https://www.runzero.com/blog/integrating-nuclei/

@BSidesLV thanks for the shout out! We're looking forward to seeing everyone in Las Vegas! Plus don't miss @hdm's talk "Turbo Tactical Exploitation: 22 Tips for Tricky Targets" on Monday, Aug 4th at 11am!

https://bsideslv.org/talks#HKSUYW

Thank you @runZeroInc or being a gold sponsor ⭐️ Come check out their table August 4th - 6th!

Interested in learning more about their company?

Visit https://www.runzero.com/about/careers/

🎙️ What happens when you mix CVEs with LLMs, MCP, and a little ingenuity?

Find out today at 1 PM ET/10 AM PT as Jerry Gamblin (Principal Engineer, Cisco TDR) joins @todb and @rk on runZero Hour.

On tap today:
🧠 Jerry’s new MCP server and how it helps you understand vulnerabilities faster
🔍 Trends and changes in the vulnerability landscape
🚨 June’s Rapid Response roundup
🛠 What’s new in the runZero Platform

📺 Tune in for some awesome tech TV:
https://www.youtube.com/watch?v=CjKNPi1FZNA

📌 Subscribe to the series: https://www.runzero.com/research/runzero-hour/

🎙 LLMs, MCP, & the Future of Vulnerability Intelligence: Jerry Gamblin, Principal Engineer at Cisco Threat Detection & Response, joins runZero Hour for a deep dive into today’s vulnerability landscape — from CVE trends and statistics to the launch of his new MCP (Model Context Protocol) server, which uses LLMs to summarize CVEs with more context and clarity.

Tune in as Jerry, @todb and @rk unpack:

👉 What’s changing in the CVE ecosystem and what that means for defenders
👉 How Jerry’s MCP server can help you understand vulnerabilities faster
👉 Key takeaways from our Rapid Response roundup, including our take on what should be at the top of your hot list

This Wednesday, June 18 at 1pm ET / 10am PT. Don't miss it!

📺 Register now: https://www.runzero.com/research/runzero-hour/

Exciting news for open source + vuln nerds alike: runZero now speaks Nuclei!

We 🩵 open source and are beyond excited to announce that we have added initial support for ProjectDiscovery’s open source Nuclei scanner — kicking off with safe, targeted checks for default and weak web credentials across IT, OT, IoT, and cloud environments.

Check out today's post from @todb to see how we:

✅ Curated ~180 safe, non-disruptive templates
✅ Only run checks when services are positively fingerprinted
✅ Keep scans fast, polite, and precise — even in fragile ICS environments

This is just the beginning. More protocols, smarter checks, and community collaboration ahead!

👉 Check it out: https://www.runzero.com/blog/integrating-nuclei/

🎙️ Just dropped: From Vulnerability to Visibility

In this new podcast, @todb shares how runZero takes an attacker’s-eye view of your IT, OT & IoT environments — treating them like a black box to uncover hidden risks.

🎧 Full episode here: https://www.runzero.com/resources/from-vulnerability-to-visibility/

Recorded live at #Infosec2025 with @ITSPmagazine

🏆 Big news: runZero is a 2025 Rising in Cyber winner! It's an honor to be acknowledged by CISOs who are in the trenches every day and know that we are having a meaningful impact for defenders. Thank you @notablecap and NYSE for this awesome recognition.

https://www.runzero.com/newsroom/rising-in-cyber-2025/

runZero is headed to InfoSec Europe! London will never be the same. Join us for:

☕ Free coffee
🧊 Cool Yeti gear
🔍 Instant visibility into IT, OT, IoT, mobile, & cloud
🌐 Total attack surface management
🛠️ No agents. No authentication. No gaps.

Come see us in Stand D108!

🔴 We’re going live at 1pm ET today! Join vulnerability expert Jay Jacobs, along with @todb and @rk for a special episode of runZero Hour. We’re debating all things CVSS, EPSS, and SSVC — where these scoring systems excel, where they falter, and how to use those insights for more strategic triage.

📺 Stream on YouTube:
https://www.youtube.com/watch?v=348LcypOPI0

🎥 Register to watch via Zoom: https://www.runzero.com/research/runzero-hour/

🎙️ We have an awesome runZero Hour teed up for you this week! Tune in LIVE as we welcome special guest Jay Jacobs on Wednesday, May 21st @ 1PM ET.

Jay joins @todb and @rk to debate the findings in our new research report: Divining Risk: Deciphering Signals From Vulnerability Scores. They'll be unpacking what CVSS, EPSS, and SSVC really measure, what they get right, where they fall short, and how defenders can turn that insight into smarter prioritization.

If you're looking for a spicy debate on vulnerability scoring methodologies, this session is right up your alley!

📺 Register for the webcast:
https://www.runzero.com/research/runzero-hour/
📘 Read the report: https://www.runzero.com/resources/deciphering-signals-from-vulnerability-scores/

It's almost time! @todb takes the stage at 11:30 ET at NorthSec to dissect the three most-used vulnerability scoring systems — CVSS, EPSS & SSVC. He'll be unpacking what they reveal, where they mislead, and how to read between the scores.

Tune in here for the live stream:

https://www.youtube.com/watch?v=9IT659uUXfs

What do ghosts, squids, and scoring systems have in common? Find out at 9:15 ET! Join us live at NorthSec or tune in virtually on YouTube for @hdm's keynote: A Pirate’s Guide to Snake Oil and Security.

HD will take you on a voyage through the crowded world of vulnerability management. From clashing tribes to competing frameworks, HD will examine how defenders can navigate vendor claims and hype to uncover what actually works.

https://www.youtube.com/watch?v=J4rGZBxUzYo

⚡ New Research Report⚡ Divining risk isn’t just for mystics. Defenders do it every day — reading signals, spotting patterns, and deciding what really matters. In our latest report, @todb breaks down the three scoring systems at the core of modern triage: CVSS, EPSS, and SSVC.

What’s inside:

👉 A breakdown of CVSS, EPSS, and SSVC — how they work, where they mislead, and what signals are actually useful

👉 Data-backed insights from analyzing 270,000+ CVEs, including the biggest EPSS score movers and what they reveal

👉 Practical guidance on combining scores with PoCs, asset context, and data to triage smarter

This isn’t a teardown. It’s a practical guide for interpreting risk through a sharper, more intuitive lens.

Read it here and tell us what you think: https://www.runzero.com/resources/deciphering-signals-from-vulnerability-scores/

Protocol-port mismatches are everywhere. We’ve seen SSH on 443, RDP on 8080, and legacy services running on ports no one’s watching. These aren’t one-off anomalies. They’re common misconfigs hiding in plain sight — and exactly the kinds of risky things traditional scanners miss.

Our latest blog post shares real examples from the field and how teams are using runZero to uncover risky services before they become entry points for attackers.

👉 Read more: https://www.runzero.com/blog/risky-protocols-unexpected-places/

🚨 Today on Storm⚡ Watch:
2025’s Top Cyber Threats EXPOSED: 0-Day Attacks, Chinese Hackers & Enterprise Breaches

https://www.youtube.com/watch?v=D-zZ5AlrzD0

@greynoise @runZeroInc @censys @vulncheck

🎥 Live from #RSAC, @hdm and Jeff Man are tackling the death and rebirth of vulnerability management at 2:10pm PT. Tune in for a spirited debate about the current state of vulnerability management, what’s required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems.

https://www.scworld.com/rsac

🐉 The @bsidessf fun continues! Join us today as @rk presents "There and Back Again: Discovering OT Devices Across Protocol Gateways." We'll be exploring the security implications of IT/OT convergence, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways. We'll be in Theater 9 at 3pm!

Aren't here in person? No need for FOMO. Streaming version of Rob's and @hdm's talks will be available soon!