Key Points
Welcome to Issue #2 of The Vulnerabulletin - our monthly newsletter filled to the brim with industry news, cybersec research from our in-house experts and the latest news from Intruder!
This month we look at the security risks of AI vibe coding… our Head of Security Dan Andrew explores what happened when a vibe-coded honeypot vuln almost made it past us. We show off our vulnerability intelligence platform cvemon (yes it’s as cool as it sounds) and founder Chris is back at it again, sharing the story of his (and Intruder’s) humble beginnings on Code Story’s latest episode. Finally we round things off with the industry headlines and Intruder news we can’t stop talking about.
We accidentally vibe-coded a vulnerability 👀
Vibe coding is a great productivity tool, until your AI helper vibes a vulnerability.
We learned that the hard way when our vibe-coded honeypot - built to help us write more robust vulnerability checks - introduced one of its own. The irony wasn’t lost on us...
Read our Head of Security's breakdown of what happened and the steps organizations can take to mitigate vibe coding risks in The New Stack.
Doomscrolling on X is not a security strategy 👾
We created a free vulnerability intelligence platform to monitor sources like X for trending CVEs to help you understand which ones are worth your time.
We called it cvemon and just like Intruder has Greg, cvemon has Shelly - a friendly ambassador who snacks on /etc/passwd files and hunts vulnerabilities so you don’t have to.
cvemon cuts through the noise, tracks CVE hype and helps you focus on what matters when things get loud. Level up how you monitor for new vulns.
More Intruder lore 🎧
All caught up on your fave podcast episodes? Might we suggest adding the dulcet tones of Intruder Founder & CEO Chris Wallis to your regular rotation. Earlier this month Chris talked all things sports, farms and ethical hacking with the Code Story team and what can we say, it’s a blast. Listen now or save it as a nice reward for future you.
The Vulnerabulletin Board 📌
What our security team has been reading this month...
📖 Oracle’s flawed guidance (Dark Reading) - Intruder’s Head of Security investigates how conflicting deployment advice left some Oracle customers exposed
🚫 Secret Desires’ cloud containers leak (404 Media) - a disturbing insight into the world of nonconsensual AI-generated adult material
🕵️ AI-orchestrated cyber espionage (Anthropic) - how one team disrupted the first large-scale cyberattack executed with minimal human intervention
What's new in Intruder 💡
🤖 GregAI gets an upgrade - our AI security analyst copilot can now manage your targets and tags, start scans and snooze issues
🔍 Improved subdomain discovery - as Shadow IT silently expands attack surfaces, we've integrated with the world's largest domain database to make unmonitored assets easier to find
🎬 Intruder’s brand video - move aside Stranger Things, our new brand video has more 80’s nostalgia than Kate Bush’s leg warmers
