We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.
Slides are now available.
#cybersecurity #vulnerability #cve
Evaluating Learned Indexes in LSM-tree Systems: Benchmarks, Insights and Design Choices
Junfeng Liu, Jiarui Ye, Mengshi Chen, Meng Li, Siqiang Luo
https://arxiv.org/abs/2506.08671 …
License plate reader company Flock has stopped US agencies from accessing cameras in CA, IL, and VA after reports of lookups related to ICE and an abortion case (404 Media)
https://www.404media.co/flock-removes-state…
Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement
"Flock's automatic license plate reader (ALPR) cameras are in more than 5,000 communities around the U.S. Local police are doing lookups in the nationwide system for ICE."
https://www.404media.co/ice-taps-into-nationwide-ai-enabled-camera-n…
VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.
This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated…
The Python-based data-exfiltration utility used by the Cl0p ransomware group (commonly distributed as part of the toolset during the 2023 – 2024 MoveIt campaigns) constructs operating-system commands by directly concatenating attacker-supplied strings without input sanitization. An authenticated endpoint on the Cl0p operators’ staging/collection host passes file or directory names received from compromised machines straight into a shell-escape sequence. No official patch or cooperation from …
Curious about the Chinese vulnerability database? It's now included on https://vulnerability-lookup.org!
Big thanks to @… for the aw…
Many are complaining about CISA removing the RSS feed for KEV. Just a reminder: we expose a lot of the API via RSS and Atom in vulnerability-lookup. KEV is included.
🔗 https://www.vulnerability-lookup.org/user-manual/feed-syndication/