As long as the CVE remains the main index of known vulnerabilities, teams of security analysts and engineers will develop processes to track updates. They will not only track changes, but also enrich database with additional data to help them prioritise fixes accurately.
IoC
Back in 2020, when X was still called Twitter, I created a simple Telegram bot that analysed Twitter feeds and identified interesting ideas related to vulnerability detection. Every day, it analysed all the posts with the #bugbountytips hashtag from the previous 24 hours, selected the posts with the highest reach based on the number of likes and retweets, and published them to the feed.
Since then, Twitter has shut down its API and rebranded as X and implemented anti-scraping measures to block content harvesting. However, the number of valuable ideas and the size of security community on the platform have not decreased.
With a bit of vibe-coding, the bot can be brought back to life:
- The bot uses Playwright to collect and analyse content on X with the hashtags #bugbountytips, #bugbountytip, #bugbounty, #pentest and #redteam that have received a certain number of likes within 24 hours.
- The bot transmits these posts for analysis to the DeepSeek-V3 model, which parses each post and prepares an expert commentary.
- It publishes the result in the @bhhub Telegram channel at 13:37 (UTC+0).
Link in comments. If you have any ideas for hashtags or sources to add for monitoring, please share them in the comments or via DM.
Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is “scattered” across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and resources that process medical information are accessible from outside sources.
Медицинские данные медленно, но уверенно мигрируют с бумажных носителей в «цифровую» инфраструктуру медицинских учреждений. Сегодня они «разбросаны» по базам данных, порталам, медицинскому оборудованию и т.п. При этом в некоторых случаях безопасность сетевой инфраструктуры таких организаций остается без внимания, а ресурсы, обрабатывающие медицинскую информацию, доступны извне.
Как показали многочисленные исследования, “умные” дома, “умные” автомобили и “умные” города, не только приносят несомненную пользу человеку в быту, но и зачастую создают угрозу его безопасности. Речь не только об утечке персональных данных – достаточно представить, что в какой-то момент “умный” холодильник под воздействием третьей силы начнет воспринимать просроченные продукты как свежие. Или вот еще один, более печальный сценарий: на высокой скорости система “умного” автомобиля неожиданно для хозяина поворачивает руль вправо…