So check it out. KEV data is now available on GitHub, in the proper cisagov organization. I know other people mirror KEV for their projects, but who can say if they're fiddling with it along the way? With , you can rest assured that it's the Real and True mirror of KEV. is still the actual authoritative source, but this GitHub mirror is a pretty close second. I posted about this on LinkedIn since that's what people do with work stuff, apparently.
98 KEVs to go until KEV #1337. Hopefully it'll be a good one.
Near as I can tell, the activity around the #Struts2 bug, CVE-2024-53677, is just ham-handed runs of some generalized PoC, and nobody's actually exploiting this yet (since exploitation would be very application/path specific). Most of the news last week was all "exploitation happening, patch and rewrite everything now!" but not seeing any reports of successful (or even possibly successful) this morning. Tell me I'm wrong! (The PoC identified by SANS at https://isc.sans.edu/diary/31520 isn't specific to some particular application -- it's on the user to define upload_endpoint and assumes no auth or session or anything.)
I’m not pirating movies, I’m just training my model.