-
Software Supply Chain and Geopolitics: KYM (Know your Maintainers)

DISCLAIMER: This post is not meant to be xenophobic or to highlight individual maintainers as risky or dangerous; this article is meant to help open a dialogue about the possibility that the software you run in production today might be “blocked” tomorrow. I doubt the data from this post will be used as an enforcement mechanism,…
-
2024 CVEs in Review

Now that 2024 has come to its conclusion, I’ve decided to kick off a post outlining some observations, trends, and insights for the CVEs published. As always, more information, including the data and SQL queries used, is available in our Discord alongside industry-leading cybersecurity experts; check it out here! In short, 2024 was…
-
Vulnerabilities (CVEs) Reserved per Year as a Proxy for US Economic Conditions and Outlook

While conducting my review of all CVEs published in 2024 (coming soon!) I noticed an interesting trend: years where CVEs fell compared to the prior year correlated with poor economic conditions in the US. This article will attempt to describe the connection between the two data points. TL;DR — Corporate spending on Cybersecurity often is tied…
-
ChatGPT: The Security Researcher Sidekick

After some changes in my life, I took a few years away from hands-on “hacktivity” to work on other parts of my life that needed some attention. Recently, I tossed around the idea of getting back into technical work, which is how this blog has come about. While getting back into the swing of…
-
[OSINT] Sherlock Project Username Finder Review, Deep Dive, and Improvements

Three days ago I came across an interesting post on Hacker News discussing the Sherlock Project. This project is a little over 6 years old and is still getting updates from the community. Likewise, this and similar projects (e.g., Maigret) still make the rounds online when they are posted. Because of that, I thought…
![[MEDIUM] Jenkins Service Crash Vulnerability](https://vulnerability.blog/wp-content/uploads/2025/01/jenkins-pic.jpg?w=860)