🇫🇷 The French government is sending a message about digital independence by ditching Microsoft Teams and Zoom for its own platform, Visio. This move is not about a lack of features but a calculated push for digital sovereignty. By 2027, every government department in France will communicate via this sovereign stack, ensuring that sensitive data remains subject to European law. The shift addresses a growing concern that relying on foreign cloud giants creates a strategic vulnerability. France is opting for an open-source architecture built on Django and React, hosted on the domestic Outscale cloud. This infrastructure removes the risk of external service disruptions while fostering a local tech ecosystem.

🧠 The Visio platform integrates with Tchap, a secure messaging app based on the Matrix protocol.
⚡ French startup Pyannote provides the AI backbone for meeting transcripts and speaker identification.
🎓 The administration expects to save millions in annual licensing fees by using in-house software.
🔍 Data remains strictly within French jurisdiction to bypass foreign data access laws.

itsfoss.com/news/france-ditche…
#France #TechHistory #DigitalSovereignty #OpenSource #security #privacy #cloud #infosec #cybersecurity #FOSS

Shadow Campaigns: Modern State-Sponsored Cyber Espionage

The search results reveal an intensifying landscape of state-sponsored cyber espionage campaigns in 2024-2026, with three major threat actors emerging:

North Korea's Lazarus Group

Between January-July 2025, Lazarus Group deployed 234 malicious packages across npm and PyPI repositories, targeting developers through compromised open source software¹. Their "BeaverTail" malware used sophisticated multi-stage loading techniques to steal credentials and maintain persistent access.

Earth Freybug APT

Operating as an offshoot of APT41, Earth Freybug conducts espionage against government agencies, defense contractors, and critical infrastructure². Their "Shadowhammer" malware specifically targets software supply chains, using stealth techniques to remain undetected within compromised systems.

Russia's GRU Campaign

Russia's military intelligence (GRU) nearly tripled its sabotage and subversion attacks in Europe between 2023-2024³. Their operations targeted:
- Transportation (27% of attacks)
- Government facilities (27%)
- Critical infrastructure (21%)
- Industrial targets (21%)

The GRU campaign uses multiple attack vectors including explosives (35%), physical tools like anchors to cut undersea cables (27%), and electronic attacks (15%)³.

1. Sonatype - Global Espionage: Lazarus Group Targets OSS Ecosystems ↩︎
2. Cyber Centaurs - Shadow Ops – Unveiling the Stealth Tactics of Earth Freybug ↩︎
3. CSIS - Russia's Shadow War Against the West ↩︎ ↩︎

We are glad to announce Vulnerability-Lookup 3.0.0. Our second release of 2026 is a major milestone, featuring GCVE-BCP-07 support.
Now, every Vulnerability-Lookup instance can publish its own KEV catalog while integrating KEV feeds from CISA and ENISA.

Let’s take a look at all the notable changes.

What's New

GCVE-BCP-07: Known Exploited Vulnerabilities (KEV) Catalogs Integration

This release implements support for GCVE-BCP-07, enabling seamless integration with multiple Known Exploited Vulnerabilities (KEV) catalogs from different Global Numbering Authorities (GNAs).
PR #310

Out of the box, any Vulnerability-Lookup instance can publish its own GCVE-BCP-07–compliant KEV catalog and consume KEV catalogs from ENISA and CISA.
Conversion and synchronization are performed using the following tool:
github.com/gcve-eu/gcve-eu-kev

A huge thank you to CISA and ENISA for their continuous work and for making KEV data available. Their catalogs are key building blocks for effective vulnerability prioritization, and it’s great to see them fit naturally into a GCVE-aligned workflow.

New and updated tools

• CISA KEV and ENISA CNW EUVD to GCVE-BCP-07 Converter: github.com/gcve-eu/gcve-eu-kev

  $ gcve-from-cisa --push
  $ gcve-from-enisa --push

• BCP Validator: github.com/gcve-eu/bcp-validat…

  $ python gcve_bcp05_validate.py --url https://vulnerability.circl.lu/api/vulnerability?source=gna-1
  OK: https://vulnerability.circl.lu/api/vulnerability/recent?source=gna-1

• GCVE Python client: github.com/gcve-eu/gcve

  $ gcve references --list
  {
  "kev": [
      {
      "uuid": "405284c2-e461-4670-8979-7fd2c9755a60",
      "short_name": "CISA KEV",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
      "automation_url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
      "description": "For the benefit of the cybersecurity community and network defenders\u2014and to help every organization better manage vulnerabilities and keep pace with threat activity\u2014CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework."
      },
      {
      "uuid": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "short_name": "CIRCL",
      "gcve_gna_id": 1,
      "description": "CIRCL provides a known-exploited vulnerability and supporting the different status_reason described in GCVE BCP-07."
      },
      {
      "uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd",
      "short_name": "EUVD KEV",
      "gcve_gna_id": 2,
      "automation_url": "https://github.com/enisaeu/CNW/raw/refs/heads/main/kev.csv",
      "description": "ENISA via the CSIRTs network provides list of known-exploited seen in the CSIRTs network."
      }
  ]
  }

New Vulnerability Sources

• new: [feeders] OSV importer for Drupal security advisories. Imports vulnerabilities from the Drupal security team's OSV feed.
  14177ab
• new: [feeders] OSV importer for CleanStart security advisories. Imports vulnerabilities from CleanStart's OSV feed.
  14177ab
• new: [feeders] Bitnami Vulnerability Database importer. Imports vulnerabilities from Bitnami's OSV-formatted vulnerability database, covering their application catalog.
  165e99d

Changes

• chg: [gcve] Updated GCVE Python client with improved type hints and bug fixes.
  78dbfc1
  5ddf74d
• chg: [gcve] KEV catalog menu now handles production instances that have their own GNA ID. When a local instance (e.g., CIRCL - GNA-1) exists in the GCVE KEV catalog list, it's marked as local without creating duplicates.
  2bba2d8
• chg: [api] Extended x_gcve injection to all vulnerability list endpoints: VulnerabilitiesList, Recent, Last, and LastLegacy. This ensures consistent GCVE integration across all API endpoints.
  227da00
• Various graphical improvements.

Fixes

• fix: [gcve] Resolved circular import in gcve_utils module.
  e7aa364
• 'Ghost CVEs' toggle is wonky
  #303
• Fix CVSS 4.0 parsing crash in web filters
  #304
• Fix blacklist bypass vulnerability in username validation
  #314
• Support YYYYMMDD date format in API since parameter
  #315

Changelog

For the full list of changes, check the GitHub release:
v3.0.0 Release Notes

Thank you to all our contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository:
GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories in real-time by following us on Mastodon:
@vulnerability_lookup

We’re delighted to announce the release of Vulnerability-Lookup 2.21.0.

This release brings several important improvements focused on search, data ingestion, and usability.

What's New

Product-level indexing & search API

Making it easier to explore vulnerabilities from a product-centric angle, without specifying a vendor name.
(f906064)

New CSAF feeder for Schneider Electric

We have recently added a new CSAF feed for Schneider Electric.
(e43fa03)

More flexible user registration configuration

New options to customize signup/about pages and restrict accepted email domains.
(3855838,
bfc82cf)

Improved notifications & UI refinements

Clearer emails, better metadata, and cleaner templates.

Ghost CVE

We now use the term Ghost CVE to refer to vulnerabilities observed in the wild via sightings
that do not yet have a public CVE record.

Changes

A number of fixes and technical improvements are also included.

• chg: [notifications] Added the publication date in email notifications and
  a special icon for new vulnerabilities. Closes #299.
  64bc631
• chg: [dependencies] Updated Python and dev/docs dependencies.
  510233c
  b08c381
• chg: [config] Updated default value for ACCEPTED_DOMAINS_FOR_REGISTRATION.
  6563f8a
• chg: [templates] Simplified titles for vuln and sightings pages; added
  Open Graph meta tag.
  19c9a69
  27eb6bf
• chg: [documentation] Updated installation instructions.
  152212d

Fixes

• fix: [api] Preserve typing for flask-restx decorators (mypy).
  f5f31c5
• fix(cvss): Safely handle CVSS 4.0 vectors in Jinja filters. Closes #305.
  5a303bb
• fix: [templates] Fix Bootstrap switch click handling (moved popover to
  help icon). Closes #303.
  19a8c54
• fix: [bin] Corrected the script name for the CSAF Schneider Electric importer.
  1386a76
• fix: [templates] Fixed an issue with batch deletion of users.
  839345b
• fix: [templates] Fixed a tag id in vulnerability_templates.html.
  bc0d329

Changelog

For the full list of changes, check the GitHub release:
v2.21.0 Release Notes

Thank you to all our contributors and testers!

The new contributor of this release is Thai Nguyen.

Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository:
GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories in real-time by following us on Mastodon:
@vulnerability_lookup