Threat Surface Pulse
Real-time snapshots from CISA KEV and other signals. Highlights exposed risk and trending CVEs.
- Recent KEV additions
- Exec-ready talking points
F5
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.
Roundcube
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.
Cisco
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Citrix
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Cisco
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
AI/ML Signal Tracker
Tracks model releases, repos, and outages; summarizes impact for platform roadmaps.
- Top moving repos
- Signal strength
RepiFahmiSidiq/Onchain-Security-Suite
🛡️ Strengthen Web3 security with our AI-driven token auditor and reputation engine, ensuring safer transactions and reliable smart contracts.
mikehubers/Awesome-AI-For-Security
🛡️ Discover essential tools and resources that leverage AI for enhancing cybersecurity, focusing on modern technologies and their applications in security operations.
MUKUL-TIWARI/CyberShield-Security-Suite
AI-powered phishing, email, and vishing detection system.
zimingttkx/Network-Security-Based-On-ML
🛡️ 基于机器学习的网络安全威胁检测系统 | 完整的端到端ML项目,包含数据处理、模型训练、Web界面和API服务 | 适合初学者学习的实战项目 | Python + FastAPI + Scikit-learn + XGBoost
Western-OC2-Lab/AutoML-and-Adversarial-Attack-Defense-for-Zero-Touch-Network-Security
This repository includes code for the AutoML-based IDS and adversarial attack defense case studies presented in the paper "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis" published in IEEE Transactions on Network and Service Management.
prashantshukla01/Network_Security
This project aims to detect malicious network activity using Machine Learning-based Intrusion Detection. It focuses on analyzing network traffic data to classify whether behavior is normal or attack-related, helping organizations strengthen their cybersecurity posture.