cR0w12h ago

https://nvd.nist.gov/vuln/detail/CVE-2026-10864

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause the underlying query to fall back to returning unintended model fields. For the New Users widget, this could allow a non-site-admin user to obtain user e-mail addresses even when user e-mail disclosure was disabled by configuration. For the New Organisations widget, crafted field selection could similarly result in unintended organisation fields being included in the dashboard response. The issue was caused by applying field filtering and redaction in a way that could leave the selected field list empty. The patch ensures that the allowed field list is built safely, that restricted fields such as user e-mail addresses are removed before user-supplied field selection is processed, and that an empty field selection falls back only to the permitted default fields. Impact: An authenticated low-privileged user with access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata, including user e-mail addresses depending on configuration.

Edit: More MISP advisories. The CVEs are new, at least. Not sure about the advisories.

#misp

NVD - CVE-2026-10864

Alexandre Dulaunoy1d ago

Not sure I’m allowed to leak this yet, but the new MISP dashboard is kind of crazy.

We didn’t just refresh the old one, we rewrote it completely, and it comes with a whole set of new features and capabilities that change the game quite a bit.

#misp #cti #dashboard #opensource

@misp

Alexandre DulaunoyMay 27

Yesterday, in our very warm office, an interesting discussion emerged: there was no dedicated taxonomy for evaluating Cyber Threat Intelligence (CTI) in MISP.

So, we created one called: cti-evaluation

πŸ”— https://www.misp-project.org/taxonomies.html#_cti_evaluation

My colleagues ThΓ©o Geffe and Christian Studer then took it one step further by implementing it in CTI-transmute.

From discussion to a first implementation and tests in less than 48 hours, not too bad! Feedback on the taxonomy is more than welcome. And you can already test it live on cti-transmute.org

πŸ”— https://cti-transmute.org/convert/detail/93

#cti #misp #cybersecurity #threatintelligence #opensource #threatintel

@misp
@circl

Alexandre DulaunoyMay 13

This release includes a major new feature: a graph visualisation for the MISP standard and STIX format, making it easier to explore, understand, and present CTI data structures directly from JSON.

CTI Transmute is an online service available at cti-transmute.org and also an open source project available on GitHub.

The FIRST CTI 2026 conference in Munich was a great source of feedback for this release. Many of the improvements and new features introduced in v1.2 came directly from discussions, demonstrations, and feedback gathered during the event. Thank you to everyone who tested, commented, challenged ideas, and shared practical use cases.

#cti #stix #misp #standard #interoperability #cybersecurity

πŸ”— Release notes CTI Transmute https://github.com/MISP/cti-transmute
πŸ”— Release notes misp-stix https://github.com/MISP/misp-stix/releases/tag/2026.5.13

IFIN - The Independent Federated Intelligence NetworkMay 12

Did you know we have a @misp feed? We do!

Discourse posts with valuable indicators are added to our feed, which is free for all.

https://misp.ifin.network/feed (/manifest.json for manual review)

#MISP #ThreatIntel #ThreatIntelligence #IFIN

Alexandre DulaunoyMay 10

The Synthetic Exercise World Format provides fictional countries, companies, sectors, and threat actors with structured metadata for neutral CTI examples, exercises, interoperability tests, and standards documentation without referencing real-world sensitive entities.

I just released version 1.0.

#cti #opensource #misp #cybersecurity #threatintelligence #threatintel

πŸ”— GitHub - https://github.com/MISP/Synthetic-Exercise-World-Format

Alexandre DulaunoyApr 27

Drone and UAV Forensic

This repository is designed to accelerate the forensic analysis of DIY FPV drones and to help automate technical reporting from seized or recovered artifacts.

The goal is pragmatic: extract useful evidence faster, normalize outputs, and produce data that can be reused in reports or shared into investigative platforms such as MISP.

πŸ”— https://github.com/CIRCL/Drone-Forensic

#drone #uav #opensource #dfir #threatintelligence #threatintel #misp #digitalforensics

@circl
@misp

GitHub - CIRCL/Drone-Forensic: Drone and UAV Digital Forensic

Drone and UAV Digital Forensic. Contribute to CIRCL/Drone-Forensic development by creating an account on GitHub.

GitHub
Alexandre DulaunoyApr 24

Some updates on the MISP Galaxy website:

https://www.misp-galaxy.org/mitre-fraud-framework/#

It now includes a matrix-like view of the galaxy for @misp

#misp #cti #threatintel #threatintelligence

BSidesLuxembourgApr 21

βš™οΈ Technical Spotlight: New Session at BSides Luxembourg 2026

π—Ÿπ—œπ—šπ—›π—§π—‘π—œπ—‘π—š π—§π—”π—Ÿπ—ž: π— π—œπ—¦π—£ π—ͺ𝗒π—₯π—žπ—•π—˜π—‘π—–π—›β€“ Luciano Righetti

Lightning Talk (5 minutes)

Catch a sharp 5-minute lightning talk introducing MISP Workbench, a lightweight platform designed to bring fast, actionable threat intelligence directly to the frontlines. Built for edge deployments and threat hunters, this tool focuses on speed, accessibility, and enabling defenders to operate effectively even in constrained environments.

This session highlights how MISP Workbench enhances threat intelligence workflows, making it easier to collect, process, and act on data anytime, anywhere. A practical glimpse into modern, field-ready tooling for security teams looking to stay agile and responsive.

Luciano Righetti is a software engineer with a strong passion for cybersecurity, formerly contributing as a MISP core developer at CIRCL. His work focuses on building practical tools that support threat intelligence operations and strengthen Luxembourg’s cybersecurity ecosystem.

πŸ“… Conference Dates: 6–8 May 2026 | 09:00–18:00
🎟️ Tickets: https://2026.bsides.lu/tickets/
πŸ“… Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/
πŸ“² Want to navigate the event easily? Check out the full schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CyberSecurity #ThreatIntelligence #MISP #BlueTeam #OpenSource

Alexandre DulaunoyApr 11

Excited to share that the MITRE Fight Fraud Frameworkβ„’ (F3) is now included in the default MISP galaxy and available across all MISP instances.

F3 is a curated knowledge base of tactics and techniques used by financial fraud actors, helping analysts structure, share, and enrich fraud-related intelligence more effectively.

A great step forward for the MISP community and for teams tracking financial fraud.

πŸ”— https://github.com/MISP/misp-galaxy

@misp
@circl

#misp #financialfraud #threatintel #threatintelligence #opensource
#financial