cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!


founded 2 years ago

For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. They were right! Just, not for the reasons they thought.

Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development. Frontier model improvement won’t be a slow burn, but rather a step function. Substantial amounts of high-impact vulnerability research (maybe even most of it) will happen simply by pointing an agent at a source tree and typing “find me zero days”.

I think this outcome is locked in. That we’re starting to see its first clear indications. And that it will profoundly alter information security, and the Internet itself.


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!


The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository:

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.

Off-Topic Friday (self.cybersecurity)
submitted 5 days ago by shellsharks to c/cybersecurity
 
 

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

VulnMCP 1.0.0 released (www.vulnerability-lookup.org)
submitted 6 days ago by cm0002@literature.cafe to c/cybersecurity
cpe-guesser 2.0 released (www.vulnerability-lookup.org)
submitted 1 week ago by cm0002@literature.cafe to c/cybersecurity

Just released #BurpAnonymizer, a Burp Suite extension that redacts PII, credentials, tokens and other sensitive data from HTTP requests/responses.

With one click, safely share requests and responses in reports, presentations, team reviews, or AI workflows, without exposing secrets and minimizing manual redactions.

🔗 Explore it here: https://github.com/sv1sjp/BurpAnonymizer

#CyberSecurity #BurpSuite #AppSec #Privacy #SecurityTools #web PortSwigger


cross-posted from: https://infosec.pub/post/43738524

Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.…


Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location in the Mediterranean. The French sailor’s public Strava profile, set as “public,” revealed the near real-time location of the aircraft carrier in the Mediterranean, near Cyprus and Turkey.


It is our honour to announce the release of Vulnerability-Lookup 4.2.0!

This version brings a large number of new CSAF-based vulnerability advisory sources, improvements to the web interface, and several bug fixes.

What's New

New CSAF-based sources

As the number of GNA keeps growing and the interest around the GCVE-EU initiative increases, these UI improvements and filtering capabilities are becoming essential to efficiently explore the various available sources.

Below is the list of CSAF-based sources available by default. You can enable or disable each feeder via the config/modules.cfg configuration file. The display in the web interface is also configurable through the config/website.py configuration file.

Improvements

  • Enriched CSAF view
    The generic CSAF view now includes severity, vulnerabilities, references, and acknowledgments.
    d528da8

  • Enriched OSV view
    Added severity and references to the generic OSV view.
    65de73e

  • Date published in CVE records
    If known, the datePublic field of CVE records is now displayed.
    861a082

  • Boost recent sightings enabled by default
    The boost recent sightings switch is now checked by default.
    4eed4c4

  • New source argument for the full-text indexer
    Added a source argument to the indexer for more targeted indexing.
    d4e6e1f

  • Less verbose indexing
    Reduced the verbosity of the full-text search indexing process.
    a563dff

  • Configuration improvements
    Reorganized the default SOURCES_TO_SHOW config variable and updated the sample website.py configuration with examples for the new configuration options.
    f699400, 6e8fb6c

  • Documentation updates
    Various improvements to the documentation, including GCVE publication as a GNA and Known Exploited Vulnerabilities Catalogs.
    58a4d83, 143f5f5, 1f6d6d3, 52c774f

  • Updated Python dependencies
    6e30dc2

Fixes

  • Fixed incorrect vulnerability ID passed in various Jinja macros. cf1b209
  • Fixed the default product option so the form correctly re-submits its value when changing sort/order controls. 7373f8f
  • Suppressed spurious config warnings for disabled features. c82e911
  • Fixed a variable shadowing issue in parse_vuln_payload() where the local source variable was overriding the function parameter. cb03721

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.2.0

🙏 Thank you to all contributors and testers!

Special thanks to Raphaël Vinot for adding the new sources.

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/
