Threat Surface Pulse
Real-time snapshots from CISA KEV and other signals. Highlights exposed risk and trending CVEs.
- Recent KEV additions
- Exec-ready talking points
VMware Tanzu
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
WebRTC
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.
Grafana Labs
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Delta Electronics
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Apple
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
AI/ML Signal Tracker
Tracks model releases, repos, and outages; summarizes impact for platform roadmaps.
- Top moving repos
- Signal strength
mikehubers/Awesome-AI-For-Security
🛡️ Discover essential tools and resources that leverage AI for enhancing cybersecurity, focusing on modern technologies and their applications in security operations.
RepiFahmiSidiq/Onchain-Security-Suite
🛡️ Strengthen Web3 security with our AI-driven token auditor and reputation engine, ensuring safer transactions and reliable smart contracts.
hmshujaatzaheer/federated-scion-security-framework
Formally Verified Federated Learning Framework for Privacy-Preserving Anomaly Detection in Path-Aware Networks (PhD Research)
Mohamed-Tamer-Nassr/Network-Security-Model
A machine-learning–based phishing detection system that analyzes URL and network features to identify malicious sites, built with Python, FastAPI, Scikit-Learn, MongoDB, and Docker.
XSource-Sec/awesome-ai-security
A curated list of AI security resources, tools, research papers, and more
MUKUL-TIWARI/CyberShield-Security-Suite
AI-powered phishing, email, and vishing detection system.