Alexandre Dulaunoy13h ago

VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.

A new component in the galaxy of tooling of vulnerability-lookup.

Thanks to @cedric who is becoming an orchestrator for many AI tools nowadays.

#cve #gcve #vulnerability #vulnerabilitymanagement #opensource #ai #mcp #vulnerabilitylookup

πŸ”— https://github.com/vulnerability-lookup/VulnMCP

GitHub - vulnerability-lookup/VulnMCP: A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights.

A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights. - vulnerability-lookup/VulnMCP

GitHub
ICS Advisory Project15h ago

ICS[AP] Dashboards are updated with the 5 CISA Advisories released on 3/24/26:

Grassroots: 1 New
Pharos Controls: 1 New
Schneider Electric: 2 New
WHILL Inc.: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS Advisory Project15h ago

ICS[AP] updated CISA ICS Advisories Master File for 3/24/26 & the following year's CSVs:

CISA_ICS_ADV_2026_3_24.csv
CISA_ICS_ADV_2025_3_24_26.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity

Yazoul - Cybersecurity Alerts20h ago

πŸ”΄ New security advisory:

CVE-2026-33502 affects multiple systems.

β€’ Impact: Remote code execution or complete system compromise possible
β€’ Risk: Attackers can gain full control of affected systems
β€’ Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33502-wwbn-avideo-ssrf-vulnerability

#InfoSec #VulnerabilityManagement #CyberSec

Critical: WWBN AVideo SSRF Vulnerability (CVE-2026-33502) - Patch Now | Yazoul Security

Critical SSRF flaw in WWBN AVideo up to v26.0 allows unauthenticated attackers to probe internal networks and cloud metadata. CVSS 9.3. Immediate patching is required.

Yazoul Security
CVE Program21h ago
New on the CVE Blog:
β€œSupplier ADP Pilot” β€” CVE Program to Explore Benefits of Supporting VEX-like, Product Status Information in Upstream CVE Records

https://medium.com/@cve_program/supplier-adp-pilot-cve-program-to-explore-benefits-of-supporting-vex-like-product-status-852587bc9546

#cve #vulnerability #vulnerabilitymanagement #infosec #cybersecurity
CVE Program21h ago
Cribl is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities identified in Cribl products, and vulnerabilities discovered by, or reported to, Cribl that are not in another CNA’s scope

https://cve.org/Media/News/item/news/2026/03/24/Cribl-Added-as-CNA

#cve #cna #vulnerability #vulnerabilitymanagement #informationsecuroty #infosec #cybersecurity
Jerry Gamblin1d ago

The "Zero Day Clock" is a Masterclass in Bad Data Science.

I've heard this clock mentioned multiple times at #RSAC this week. It predicts an "exponential collapse" of the time-to-exploit (TTE) toward zero. It makes for a scary keynote slide, but the math is fundamentally broken.

The model suffers from:

Right-Censoring: It ignores that slow exploits for 2025 haven't happened yet, artificially forcing the "average" to zero.

Selection Bias: It only tracks the fastest 1.5% of vulnerabilities and ignores the "long tail."

Administrative Lag: It mistakes the growing NVD backlog for "attacker velocity."

We don’t need hyperbolic "scare-ware" statistics to justify our urgency. Defense is hard enough without distorting the data.

I’ve written a full technical audit on why this methodology fails a basic statistical peer review:

Technical Breakdown: https://gist.github.com/jgamblin/91f7843b62069616c951f32957c921cd

#RSAC #RSAC2026 #Infosec #CyberSecurity #DataScience #VulnerabilityManagement

A Critical Audit of the "Zero Day Clock" Methodology

A Critical Audit of the "Zero Day Clock" Methodology - zeroday.md

Gist
Yazoul - Cybersecurity Alerts1d ago

πŸ”΄ New security advisory:

CVE-2026-32968 affects multiple systems.

β€’ Impact: Remote code execution or complete system compromise possible
β€’ Risk: Attackers can gain full control of affected systems
β€’ Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32968-com-mb24sysapi-module-rce-patch-immediately

#InfoSec #VulnerabilityManagement #CyberSec

Critical: com_mb24sysapi Module RCE (CVE-2026-32968) - Patch Immediately | Yazoul Security

Critical RCE vulnerability in the com_mb24sysapi module allows unauthenticated attackers to execute OS commands and fully compromise systems. CVSS 9.8. Apply patches now.

Yazoul Security
Yazoul - Cybersecurity Alerts1d ago

πŸ”΄ New security advisory:

CVE-2026-3587 affects multiple systems.

β€’ Impact: Remote code execution or complete system compromise possible
β€’ Risk: Attackers can gain full control of affected systems
β€’ Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-3587-linux-device-cli-escape-vulnerability

#InfoSec #VulnerabilityManagement #CyberSec

Critical: Linux Device CLI Escape Vulnerability (CVE-2026-3587) - Critical Root Access Flaw | Yazoul Security

Critical vulnerability in Linux-based devices allows unauthenticated attackers to escape the restricted CLI and gain full root access. CVSS 10.0. Immediate action required.

Yazoul Security
Yazoul - Cybersecurity Alerts1d ago

πŸ”΄ New security advisory:

CVE-2026-3587 affects multiple systems.

β€’ Impact: Remote code execution or complete system compromise possible
β€’ Risk: Attackers can gain full control of affected systems
β€’ Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-3587-linux-device-cli-escape-vulnerability

#InfoSec #VulnerabilityManagement #CyberSec

Critical: Linux Device CLI Escape Vulnerability (CVE-2026-3587) - Critical Root Access Flaw | Yazoul Security

Critical vulnerability in Linux-based devices allows unauthenticated attackers to escape the restricted CLI and gain full root access. CVSS 10.0. Immediate action required.

Yazoul Security