Infosec.Pub

France 24: France's CNIL fines Google €325M for placing tracking cookies and ads in Gmail without users' consent; Google says it is reviewing the decision  —  France's data protection authority on Wednesday issued record fines against search giant Google and fast-fashion platform Shein for failing to respect the law on internet cookies.

The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as "possible malicious activity." [...]

A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.

Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities

We’re delighted to announce the release of Vulnerability-Lookup 2.16.0 — packed with exciting new features!

What's New

Backend

• Introduced source-scoped kvrocks counters and source-scoped sorted indexes for vulnerability advisories by state (published, updated, reserved). (#211, PR #215)
  Examples of newly available queries:

  • GET published:count:github:2025-09
  • ZREVRANGE index:csaf_certbund:published 0 9 WITHSCORES
  • ZREVRANGE vendors:ranking:2025-08 0 9 WITHSCORES

• Added feeders for CERT-FR Avis and CERT-FR Alerte. (b99291f)

API

The Stats API endpoint now delivers statistics on CVE publications, with filters available by source, date, and advisory state. These new endpoints leverage the new indexes provided by the kvrocks backend. The result can be returned as JSON (default) or Markdown table. (0d153ed)

Frontend

• Added a new public statistics page displaying various insights on CVE publications. This new page features several interactive charts powered by the new Stats API endpoints. (0d153ed, c842876)

• Added XSLT support for various RSS/Atom feeds. The XSLT is injected immediately after feed generation, before delivery to the user. (241c6ca)

Migration Notes

• To reset the indexes, you can execute bin/index_vulnerabilities.py which is using various reindexing utilities. This will delete indexes and counters! Alternatively, you can rerun the appropriate feeder with the --reimport parameter.

Changes

• Improved search page: (82b9f95, f9f5c58)

  • Filtering on sources, vendors, and products.
  • Sorting based on advisory state (reserved, published, updated) and order (ascending/descending).
  • Displaying all vulnerabilities related to a vendor with pagination (without specifying a product).

• Improved recent page: vulnerabilities from multiple sources can now be sorted by publication or update date. (df1e472c)

• Improved admin dashboard for user management. (#221)

• Improved Vulnerability API endpoint: The GET List endpoint now provides more advanced filtering by source and advisory state. (0d153ed)

• Various improvements related to the vulnerability description pages.

Fixes

• NDJSON data dumps: fixed an issue where dumps did not actually contain newlines. (#218)
• Prevent reimport of already ingested vulnerabilities from flaky CSAF sources. (#1848619)

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.16.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/

George Orwell might’ve predicted the surveillance state, but it’s still surprising how many entities took 1984 as a how-to manual instead of a cautionary tale. [Benn Jordan] decided to take …read more