Sightings

The Shadowserver Foundation Honeypot Feed is now integrated as a source of sightings in Vulnerability-Lookup

#Sightings#Honeypot#Shadowserver

We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup. This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings. ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. The source code of ShadowSight is available:

Read more →

January 22, 2025

Expanding Sources of Security Advisories and Sightings in Vulnerability-Lookup

#Sightings#CSAF#FKIE#Microsoft#Mastodon#Bluesky

Security Advisories We’ve recently added new correlating sources for Security Advisories: Microsoft CSAF Security Advisories: https://vulnerability.circl.lu/recent#csaf_microsoft We’ve also added a new source from Fraunhofer FKIE, which provides a community reconstruction of the legacy JSON NVD Data Feeds (at the end it’s more information). This is accessible at: https://vulnerability.circl.lu/recent#fkie_nvd One of the core strengths of Vulnerability-Lookup is its ability to correlate these new sources with existing ones. For example, you can view how vulnerabilities like CVE-2025-21385 appear across multiple sources:

Read more →

January 16, 2025

Monitoring Gists

#Sightings#Gist#GitHub

We’re expanding our coverage to include GitHub Gists as a valuable source of vulnerability sightings! Why Gists? Gists frequently contain sensitive leaked information, such as email address lists, passwords, API keys, SSH private keys, logs, zero-day exploits, or proof-of-concept (PoC) scripts for vulnerabilities. As part of the Vulnerability-Lookup project, we are now actively monitoring their creation in order to generate sightings related to vulnerabilities in our database.

Read more →

January 7, 2025