About Quickfire Cyber Bulletin
What is this?
Quickfire Cyber Bulletin is a free, open-source daily cybersecurity briefing system that collects public vulnerability feeds, security advisories, and cybersecurity news, then turns them into a prioritised, source-linked briefing for small-business sysadmins and technical generalists.
Core promise: Less cyber noise. More clear daily priorities.
Disclaimer
Quickfire Cyber Bulletin is an informational briefing system built from public sources. It is not a vulnerability scanner, penetration testing tool, security audit, or replacement for professional cybersecurity advice.
All data is sourced from publicly available feeds. Risk scores are deterministic signals to aid prioritisation — they are not authoritative verdicts. Always consult vendor advisories and qualified security professionals before taking action.
Who is it for?
- Solo sysadmins managing a small business
- IT generalists who also handle security
- Small organisations without a dedicated security team
- Technical professionals who want a clear daily summary
Data sources
| Source | What it provides | Update frequency |
|---|---|---|
| CISA KEV | Confirmed actively exploited vulnerabilities | Ongoing (usually weekly) |
| NVD CVE API | CVE details, CVSS scores, affected products | Continuous |
| FIRST EPSS | Exploit prediction probability scores | Daily |
| GitHub Security Advisories | Package-level security advisories | Continuous |
| Selected cybersecurity RSS feeds | Security news and analysis | Daily |
What the risk scores mean
Scores are calculated deterministically from public signals. No AI guessing.
| Signal | Weight | Reason |
|---|---|---|
| CISA KEV listing | 40 pts | Confirmed active exploitation is the strongest practical signal |
| EPSS score | up to 30 pts | Probability of exploitation in the next 30 days |
| CVSS base score | up to 20 pts | Technical severity from vendor/NVD assessment |
| Recency | up to 5 pts | Recently published vulnerabilities often need faster action |
| SMB product relevance | 5 pts | Whether the affected product is common in small-business environments |
Maximum score: 100. Scores are a triage aid — not a definitive risk assessment.
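
How the weights above can combine into one triage score, as an added example that is not the project's own code. The page states only the maximum points per signal, so the linear scaling of EPSS and CVSS, the 30-day recency decay, and all names and sample records here are assumptions.

```python
from dataclasses import dataclass
from datetime import date

RECENCY_WINDOW_DAYS = 30  # assumption: the page does not state a window


@dataclass
class Vuln:
    cve_id: str
    in_kev: bool        # listed in CISA KEV
    epss: float         # FIRST EPSS probability, 0.0-1.0
    cvss: float         # CVSS base score, 0.0-10.0
    published: date
    smb_relevant: bool  # affected product common in small businesses


def clamp(x, lo, hi):
    return max(lo, min(hi, x))


def score_breakdown(v, today):
    """Points per signal; scaling within each cap is assumed linear."""
    age_days = (today - v.published).days
    freshness = clamp(1 - age_days / RECENCY_WINDOW_DAYS, 0.0, 1.0)
    return {
        "kev": 40.0 if v.in_kev else 0.0,
        "epss": 30.0 * clamp(v.epss, 0.0, 1.0),
        "cvss": 20.0 * clamp(v.cvss, 0.0, 10.0) / 10.0,
        "recency": 5.0 * freshness,
        "smb": 5.0 if v.smb_relevant else 0.0,
    }


def risk_score(v, today):
    return round(sum(score_breakdown(v, today).values()), 1)


def prioritise(vulns, today):
    """Highest score first; same inputs always give the same order."""
    return sorted(vulns, key=lambda v: risk_score(v, today), reverse=True)


# Constructed sample records with placeholder CVE ids (not real data).
TODAY = date(2024, 6, 30)
SAMPLE = [
    Vuln("CVE-0000-0001", False, 0.02, 9.8, date(2024, 6, 29), False),
    Vuln("CVE-0000-0002", True, 0.90, 7.5, date(2024, 5, 1), True),
    Vuln("CVE-0000-0003", False, 0.50, 5.0, date(2024, 6, 15), True),
]

if __name__ == "__main__":
    for v in prioritise(SAMPLE, TODAY):
        print(v.cve_id, risk_score(v, TODAY), score_breakdown(v, TODAY))
```

Under these assumptions the two-month-old KEV-listed CVSS 7.5 record outranks the day-old CVSS 9.8 record with a low EPSS, which is the effect the KEV and EPSS weights are meant to produce.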
AI use
When AI is enabled (optional), a small local language model generates plain-language summaries and "why it matters" text. AI runs only in scheduled batch jobs — never live per visitor request.
AI output must:
- Summarise only from the provided source text
- Remain source-linked
- Not invent facts or claim exploitation without source confirmation
- Not provide exploit instructions or offensive security guidance
AI does not determine risk scores. Scoring is always deterministic.
Open source
This project is free and open source. View the source on GitHub.