| Website | Schmiedecker.net |
Get to know the minds behind this year's CTF competition as our new organizers #BenevolentBureauofBirds guest on the #CTFRadiooo podcast. Backstory, process and some peeks into the coming contest.
It's beginning to feel a lot like #defcon đ¶
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.
A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/ , providing additional CPE sources and more autonomy from the previously NVD-only source model.
This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.
https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/
https://github.com/vulnerability-lookup/cpe-guesser
#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement
Was haben wir in ForDaySec gemacht? Drei Bereich in den nĂ€chsten drei Tagen im Ăberblick.
𧔠ForDaySec 1/3 â Bereich A: Komponenten. Was tun, wenn IoT-GerĂ€te keine Updates mehr bekommen, der Hersteller nicht reagiert, das GerĂ€t aber weiterlĂ€uft? Im Forschungsbereich A haben zwei Teams daran gearbeitet, solche GerĂ€te trotzdem abzusichern.
A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack
https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise
https://github.com/aquasecurity/trivy/discussions/10425
https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release
https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
Open Source Security Advisory What Happened On March 19, 2026, a threat actor used compromised credentials to publish malicious releases of Trivy version 0.69.4, along with trivy-action and setup-trivy. While this activity initially appeared to be an isolated event, it was the result of a broader, multi-stage supply chain attack that began weeks earlier. Attack âŠ
gcve-eu-kev updated â a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.
It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.
#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement
đ https://github.com/gcve-eu/gcve-eu-kev
đ https://gcve.eu/bcp/gcve-bcp-07/
RE: https://mastodon.social/@nixCraft/116261526543583522
Does that mean one could get a gun both faster & easier, with less obstacles in some US states, then to sideload an app?
Are LLMs a technology I currently support for #DigitalForensics? No.
Do LLMs have issues with hallucinations and pattern matching errors? Yes.
Can LLMs provide value? Yes.
Will LLMs become unavoidable due to tool availability and market requests? Absolutely.
What does this mean to us? We have to become experts with deep skills. If the machine lies to you and you don't know how to find out, what do you think will happen?
We need to become experts over expert systems. Be ready for everything.
CVE-2026-20963 Sharepoint Insecure Deserialization 8.8/10
Weekend soon. Where @watchTowr blog? Need lolz. I can has?
DEF CON
Alexandre Dulaunoy
Dominik Herrmann
Catalin Cimpanu
Chris Heilmann
Alexis Brignoni 
Dr. Christopher Kunz