Finding CVEs that technically "don't exist" yet. 🕵️‍♂️

Ghost CVEs are live. A "Ghost CVE" is a vulnerability identifier that’s already popped up in the wild—think GitHub commits or security advisories—but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE.

It catches the threats that are already out there, even if the paperwork says they aren't. 📝💨

Admittedly, there are a lot more sources to add—this was just a quick weekend POV—but I plan on extending it soon.

Check out the latest ghost report here: https://github.com/RogoLabs/GhostCVEs/blob/main/reports/ghost_report.md

#InfoSec #ThreatIntel #OpenSource #GhostCVEs

Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint. 🫆

We use this tool internally to help track multiple threat actors with high confidence, improving attribution in many cases.

The tool has been released in the Proofpoint Emerging Threats public #GitHub for other defenders to leverage.

Learn more about it here: https://www.proofpoint.com/us/blog/threat-insight/proofpoint-releases-innovative-detections-threat-hunting-pdf-object-hashing

#PDF #threatdetection #cyberthreat