Posts
Malware Campaigns & Threat Actors
An interactive, data-driven catalogue of the software supply-chain malware campaigns Vulnetix tracks and the threat actors behind them. Choose any campaign for an impact-and-mitigations teardown, or any actor for a motivations-tools-tradecraft profile, with live indicators of compromise from the Vulnetix VDB. Where our data is partial we show the IOCs and say so.
malware campaign, threat actor, supply chain attack, IOC, indicators of compromise, threat intelligence
Atomic Arch, and other tracked Malware campaigns
Our threat intelligence on the supply-chain malware campaigns Vulnetix investigates, starting with Atomic Arch (hijacked AUR maintainer accounts) and continuing with others, such as TeamPCP / Miasma (PyPI), on which we have insights to share. Threat-actor accounts, recovered emails, file hashes, C2 domains and IPs, and .onion endpoints, grouped by campaign.
malware campaign, supply chain attack, threat actor, IOC, indicators of compromise, AUR
Announcing the Vulnetix Vendor Patching Archives
Twelve vendor-specific patching-guidance archives are now live on Vulnetix: Microsoft Patch Tuesday, Red Hat RHSA, Google / Chrome (incl. Project Zero), Apple, Canonical / Ubuntu, Alpine (with Chainguard + Wolfi + Red Hat hardened-registry variants), SUSE (incl. Rancher portfolio), AWS (Amazon Linux + AWS SDK), Cloudflare, Cisco PSIRT, Broadcom / VMware (incl. Bitnami + Tanzu), and Alibaba Cloud. Each archive ships month-by-month coverage, downloadable CSAF / VEX where the vendor provides it, and live KEV / EPSS / PoC-maturity enrichment from the Vulnetix VDB.
Vulnetix vendor archives, vendor patching, Patch Tuesday, RHSA, USN, ALAS
Google / Chrome Security Advisory Archive
Every Google-attributable CVE across five programmes: GCVE (Google's CNA), Google Cloud Security Bulletins (incl. Chrome stable channel + Android Security Bulletin redistributions), the Project Zero in-the-wild tracker, and the ~20 Google-maintained open-source projects (Chromium, Android/AOSP, ChromeOS, Go, Kubernetes, TensorFlow, Angular, Bazel, gRPC, Protocol Buffers, gVisor, Flutter, Dart, Firebase, Skia, Tink, V8, Material, ORTools, Polymer, Istio, googleapis SDKs). Month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Google, Chrome, Chromium, Android, AOSP, ChromeOS
Apple Security Advisory Archive
Every Apple-vendor CVE across macOS, iOS, iPadOS, tvOS, watchOS, visionOS, Safari (WebKit), Xcode, iCloud for Windows, iTunes, Apple TV, HomePod, AirTag, and the broader Apple portfolio, month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Apple, macOS, iOS, iPadOS, tvOS, watchOS
Canonical / Ubuntu Security Advisory Archive
Every Ubuntu Security Notice (USN-NNNN-N) across all supported LTS releases, plus Livepatch, Snap store advisories, and the broader Canonical portfolio (MAAS, Juju, Multipass, microK8s, LXD, Incus, Charmed Kubernetes). Month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Canonical, Ubuntu, USN, Ubuntu Security Notices, Ubuntu LTS, Livepatch
Alpine Linux Security Advisory Archive
Every Alpine Linux security advisory across all supported releases (Alpine 3.18, 3.19, 3.20, 3.21, edge), covering aports source packages from the Alpine secdb feed plus the same packages as they ship in the Docker Hub Official Alpine image, Chainguard hardened images, Wolfi undistro, and the Red Hat hardened registry. Same upstream package, different vulnerability footprint per registry. Month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Alpine Linux, Alpine secdb, aports, alpine:3.18, alpine:3.19, alpine:3.20
SUSE Security Advisory Archive
Every SUSE security advisory: SUSE-SU-* errata for SUSE Linux Enterprise Server and SUSE Manager, openSUSE-SU-* errata for Leap and Tumbleweed, plus Rancher-portfolio CVEs across K3s, RKE2, NeuVector, Harvester, and Longhorn. Month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
SUSE, SLES, SUSE Linux Enterprise, openSUSE, openSUSE Leap, openSUSE Tumbleweed
Cloudflare Security Advisory Archive
Every Cloudflare security advisory: CNA GHSA entries from the cloudflare/advisories repo, blog disclosures from blog.cloudflare.com/tag/cve, and changelog notices from developers.cloudflare.com/changelog, covering Workers, Pages, R2, D1, Access, Tunnel, WAF, DNS, Magic Transit, and the rest of the portfolio. Month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Cloudflare, Cloudflare CNA, cloudflare/advisories, GHSA, Cloudflare Workers, Cloudflare Pages
Alibaba Security Advisory Archive
Every Alibaba Cloud Linux 2 security advisory (ALINUX2-SA-*) and every CVE naming Alibaba or Aliyun as the affected vendor across the Aliyun product portfolio (ECS, OSS, RDS, SLB, PolarDB, Lindorm, MaxCompute, DataWorks) plus Dragonwell JDK, month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Alibaba, Alibaba Cloud, Aliyun, ALINUX, ALINUX2-SA, Alibaba Cloud Linux 2
Cisco Security Advisory Archive
Every Cisco PSIRT security advisory (cisco-sa-*) and every CVE naming Cisco as the affected vendor across IOS, IOS-XE, NX-OS, ASA, Firepower, Meraki, Webex, AnyConnect, Catalyst, Nexus, and acquired products (Duo, AppDynamics, ThousandEyes), month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
Cisco, PSIRT, cisco-sa, Cisco IOS, IOS-XE, NX-OS
AWS Security Advisory Archive
Every Amazon Linux ALAS advisory (AL1, AL2, AL2023), every AWS Security Bulletin for cloud services (EC2, S3, IAM, EKS, ECS, Lambda, RDS), and every CVE in the official AWS SDKs (Java, Go, JavaScript, Python, CDK), month by month, enriched with live KEV / EPSS / PoC maturity from the Vulnetix VDB.
AWS, Amazon Linux, ALAS, AL1, AL2, AL2023
Broadcom Security Advisory Archive
Every Broadcom security advisory across the VMware, Bitnami, Cloud Foundry, and Tanzu portfolios, month by month, with VMSA-coded VMware bulletins, Bitnami packaged-software CVEs, BOSH stemcell + Cloud Foundry buildpack enrichment, downloadable CSAF where available, and live exploit intelligence from the Vulnetix VDB.
Broadcom, VMware, VMSA, VMware Security Advisory, vCenter, vSphere
Red Hat Security Advisory Archive
Every Red Hat Security Advisory (RHSA), month by month, with downloadable CSAF documents, full CVE coverage, affected products, and live exploit intelligence from the Vulnetix VDB. Navigate the full RHSA history or deep-link to any month.
RHSA, Red Hat Security Advisory, Red Hat Enterprise Linux, RHEL, errata, CSAF
Just Patch It
The decline of the CVE program, NVD obsolescence, the CISA ADP downgrade, and GCVE's federated takeover, visualised. Why "just patch" is the security industry's alternator joke.
CVE program, NVD, NIST, CISA, Vulnrichment, ADP
Reachability is Live: Find the Code That Actually Matters
Announcing reachability for the Vulnetix Code Scanner: precise per-CVE detection patterns, evaluated locally against your source across 17 languages, with no source upload. Cuts the SCA queue by 60–90% on mature codebases, ships audit-grade evidence for VEX, and gives security vendors a defensible reachability story without rebuilding the database.
reachability, code scanner, SCA, vulnerability prioritisation, VEX, semantic reachability
Vulnetix KEV: Evidence the Authority Lists Haven't Reached Yet
A live analysis of Vulnetix KEV, an independent, evidence-driven catalogue of CVEs with corroborated exploitation signals that aren't (yet) on CISA, ENISA, or VulnCheck KEV. Qualifying-signal breakdowns, added-over-time pace, vendor concentration, ransomware overlap, and a searchable table of every entry.
Vulnetix KEV, known exploited vulnerabilities, CISA KEV, ENISA, VulnCheck KEV, exploitation evidence
Exploit Intelligence Signals
A seven-tier view of how the world's exploit data actually stacks up, from social mentions to KEV listings to EPSS predictions. Live counts from the Vulnetix VDB, honestly sourced.
exploit intelligence, CVE, KEV, EPSS, CESS, Coalition ESS
Patch Tuesday Archive
Every Microsoft Patch Tuesday release, CVE-by-CVE, with downloadable CSAF + VEX documents and live exploit intelligence from the Vulnetix VDB. Navigate the full history or deep-link to any month.
Patch Tuesday, MSRC, Microsoft Security Response Center, CVE, CSAF, VEX
Matching Cloud Vulnerabilities
How Vulnetix correlates cloud-provider advisories to your running workloads using the IETF CRIT specification: deterministic matching across AWS, GCP, and Azure.
cloud vulnerabilities, CVE matching, IETF CRIT, cloud security, AWS advisories, GCP advisories
Vulnerabilities Confirmed Discovered by AI
A living tracker of every CVE and equivalent ID confirmed discovered by an AI system, from Big Sleep's SQLite stack underflow to Project Glasswing's 50+ entries. Includes the models-vs-harness distinction, a leaderboard across AI orgs, live exploitation intelligence from the Vulnetix VDB, and a maintainer's honest accounting of the AI-bug-report slop problem.
AI security research, CVE, vulnerability discovery, Big Sleep, Project Glasswing, Mythos
Bypassing the Need for Scanners
Traditional vulnerability scanners fire after the code is already written, committed, and pushed. The feedback loop is architecturally broken. Here's why AI coding agents make the old model obsolete.
AI coding agents, vulnerability scanners, shift-left, pre-commit security, SCA, SAST
Vendor Disclosure Trends
Monthly and yearly vendor disclosure counts, broken down by CVE, GHSA, and everything else. Live data from the Vulnetix VDB, sourced from 160+ authorities. An honest look at who's actually writing the world's advisories.
CVE trends, GHSA, vulnerability disclosure, vendor advisories, CNA, vulnerability database
SBOM: Source of Truth for Software Supply Chain Security
Why every software team needs an SBOM. From incident response to regulatory compliance, and the 11 hidden problems with vendor SBOM generators that Vulnetix solves.
SBOM, software bill of materials, CycloneDX, SPDX, supply chain security, vulnerability management