Supply chain cybersecurity, SBOM, vulnerability management.
#embedded #linux #oss #psirt
he/him
VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.
A new component in the galaxy of tooling around vulnerability-lookup.
Thanks to @cedric, who is becoming an orchestrator for many AI tools nowadays.
#cve #gcve #vulnerability #vulnerabilitymanagement #opensource #ai #mcp #vulnerabilitylookup

A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights. - vulnerability-lookup/VulnMCP
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.
A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/, providing additional CPE sources and more autonomy from the previously NVD-only source model.
This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.
https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/
https://github.com/vulnerability-lookup/cpe-guesser
#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement
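To make the multi-source indexing and ranking described in the post concrete, here is a small added example (written for this page; it is not cpe-guesser's own code, import pipeline or scoring). It parses CPE 2.3 formatted strings, merges the same vendor/product pair seen in several sources, builds an inverted index over vendor and product tokens, and ranks candidates for a free-text query. The CPE strings are constructed sample data rather than a real NVD feed or Vulnerability-Lookup dump, and the field weights and the "more sources wins ties" rule are assumptions chosen for illustration.

```python
"""Toy CPE guesser: index CPE 2.3 names from several sources and rank
vendor/product candidates for a free-text query.

Added illustration for the cpe-guesser 2.0 post; not the project's own
code or ranking. Sample CPEs below are constructed, not real dump data.
"""
import re
from collections import defaultdict

# Constructed sample: the same product may appear in both sources and must
# be merged into one entry rather than counted twice.
SAMPLE_SOURCES = {
    "nvd": [
        "cpe:2.3:a:apache:http_server:2.4.58:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:3.0.13:*:*:*:*:*:*:*",
        "cpe:2.3:o:linux:linux_kernel:6.6.0:*:*:*:*:*:*:*",
    ],
    "vulnerability-lookup": [
        "cpe:2.3:a:apache:http_server:2.4.59:*:*:*:*:*:*:*",
        "cpe:2.3:a:haxx:curl:8.6.0:*:*:*:*:*:*:*",
        # escaped colon inside a value: product is literally "http:proxy"
        "cpe:2.3:a:foo_bar:http\\:proxy:1.0:*:*:*:*:*:*:*",
    ],
}


def split_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 13 fields, honouring
    backslash-escaped colons inside values (a naive str.split breaks them)."""
    fields, cur, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            cur.append(cpe[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    return fields


def tokens(text):
    """Lowercase alphanumeric tokens; 'http_server' -> {'http', 'server'}."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


class CpeIndex:
    def __init__(self):
        # (vendor, product) -> {"sources": set, "versions": set}
        self.entries = {}
        # token -> {(field, (vendor, product))}
        self.inverted = defaultdict(set)

    def add(self, source, cpe):
        f = split_cpe23(cpe)
        vendor, product, version = f[3], f[4], f[5]
        key = (vendor, product)
        entry = self.entries.setdefault(key, {"sources": set(), "versions": set()})
        entry["sources"].add(source)
        if version not in ("*", "-"):
            entry["versions"].add(version)
        for tok in tokens(vendor):
            self.inverted[tok].add(("vendor", key))
        for tok in tokens(product):
            self.inverted[tok].add(("product", key))

    def guess(self, query, limit=3):
        """Rank (vendor, product) pairs: product hits weigh more than vendor
        hits (assumed weights), ties go to entries seen in more sources."""
        weights = {"vendor": 2, "product": 3}
        scores = defaultdict(int)
        for tok in tokens(query):
            for field, key in self.inverted.get(tok, ()):
                scores[key] += weights[field]
        ranked = sorted(
            scores.items(),
            key=lambda kv: (-kv[1], -len(self.entries[kv[0]]["sources"]), kv[0]),
        )
        return [
            (vendor, product, score, sorted(self.entries[(vendor, product)]["sources"]))
            for (vendor, product), score in ranked[:limit]
        ]


def build_index(sources=SAMPLE_SOURCES):
    idx = CpeIndex()
    for name, cpes in sources.items():
        for cpe in cpes:
            idx.add(name, cpe)
    return idx


if __name__ == "__main__":
    idx = build_index()
    for q in ("apache http server", "curl", "openssl"):
        print(q, "->", idx.guess(q))
```

Running it ranks `apache:http_server` first for "apache http server" (vendor plus both product tokens match) and reports it as present in both sources, which is the kind of cross-source confirmation the post's vendor/product reference work is after; a real tool would add fuzzy matching and version handling on top of this skeleton.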
1) A robot may not injure a human being or, through inaction, allow a human being to come to harm ... unless it makes a lot of money
2) A robot must obey the orders given it by human beings except where such orders would conflict with the First Law ... unless it makes a lot of money
3) A robot must protect its own existence as long as such protection does not conflict with the First or Second Law ... unless it makes a lot of money
"I'm concerned about LLM code in #curl and would like to suggest a code ban"

I'm concerned about generative AI LLM code in curl, including AI auto completion use in editors, and I'm wondering whether the project should adopt a policy to ban it. Please note this doesn't invo...
RE: https://mastodon.social/@andrewnez/116233207828494924
Repeat after me, silently, in the voice of your internal monologue:
I accept the packages I cannot update.
"Do you see what I have to put up with?"
https://www.youtube.com/watch?v=bQDeNFv0geg
At the @cert_eu conference in 2025, @cryptosec gave an insightful presentation filled with many humorous references.
One particularly interesting slide addressed bureaucracy in information security, why it exists and what it really represents.
Those four points alone could be the start of a book.
https://cryptosec.org/docs/CERT-EU-2025/IR-CERT-EU-2025-v3-CLEAR.pdf