Spyke

Replies

Comment on

Newspipe 12.1.0 released

Reply in thread

I started this project in January 2010, and I have been maintaining it ever since. Only recently did I use Claude Code with Opus to make some improvements to the layout (mainly the third column and the new scrolling system) and the README. I'll continue to use Claude Code to help me with UI and also maintain the translations.

Comment on

Looking for Lemmy accounts about software vulnerabilities, CVEs, etc.

Reply in thread

hello,

Thank you very much for your reply and the information. I'll have a look at your links.

Actually, I am simply looking for various information about vulnerabilities. The goal is not to find announcements of vulnerabilities. This is part of the "Vulnerability Lookup" project: https://vulnerability.circl.lu/ where we gather "sightings": https://vulnerability.circl.lu/sightings

A sighting can have various sources such as: GitHub Gist, Pastebin, Fediverse, Telegram channels, etc. So yes... here my questions is about sightings from the Fediverse. For now I am happy with this simple tool to monitor the Fediverse: https://github.com/CIRCL/FediVuln

It is able to find status related to security vulnerabilities and generate sightings in our "Vulnerability Lookup" project. That's it ;-)

thank you !

Comment on

Vulnerability Report - September 2025

Reply in thread

Considering vendor ranking. I see this quite often. Recently during Vuln4Cast conference. I think we will try some CNA ranking as well. Just to see. Or make a CNA classification. For example some CNAs often publish advisories related to Wordpress vulnerabilities that are barely maintained. I would like to be able to make stats including or excluding various CNAs, vendors, etc. We need first to handle couple of new indexes in our system for this.

Comment on

Vulnerability Report - September 2025

Reply in thread

Most of the time, yes. It has a relation with the impact. I’m referring to activity on social networks such as Mastodon and Bluesky, but also to other sources like Nuclei templates, Metasploit modules, and the Shadowserver Honeypot dataset. We rely on different types of sightings. It’s not just about “mentions.” The sightings used in the reports are from different sources: https://www.vulnerability-lookup.org/tools/#sightings

Regarding social network mentions, especially on platforms like Bluesky, I was quite skeptical at first since there’s a lot of noise. Lot of people are simply ranting. I changed my mind on this. Honestly, most of the time when we observe a spike in activity shortly after — or even before — the publication of an advisory, it turns out to be a severe vulnerability. Or something we have to look at.

We discussed this topic in our paper presented in Berlin: https://www.vulnerability-lookup.org/events/#first-cyber-threat-intelligence-conference , and more recently, we explored its connection with forecasting and automated classification techniques in our paper “VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.”

You reached the end