thrunt.me Applied Cybernetics Group

About

thrunt.me is an Applied Cybernetics Group project

Independent security research. Local pipeline. Primary sources, credited per entry.

Applied Cybernetics Group (ACG) is an independent security-research practice. ThreatPipeline, the engine behind thrunt.me, runs locally — no managed pipeline, no third-party data broker. Every signal published here was fetched from a primary source we credit on the sources page.

What is published

One brief per day, dateline-led, with sections corresponding to the day's signal: material breach disclosures (SEC 8-K Item 1.05), federal patching priority (CISA KEV with EPSS context), exploit-probability movers, emerging critical CVEs, supply-chain advisories (GitHub Security Advisories), ransomware activity (ransomware.live), IOC volume (abuse.ch URLhaus), and cross-references when an entity named in one feed appears in another inside the same window. When a section has no signal, the section is still rendered with an explicit "none in this window" note. Calibration matters as much as signal.

Permanent corpus pages live at /corpus/sec-8k/ and /corpus/kev/. Each entry has its own dated page that links back to the originating brief and to the upstream source.

Methodology

Collection
Per-feed fetchers run daily with per-feed isolation. A failure in one feed does not block another. Source attribution and license are tracked for every entry.
Storage
A single local SQLite database. Single-writer process model. The site reads a build-time JSON snapshot, not a live database connection.
Correlation
Cross-reference is heuristic — vendor-name token matches between SEC filers and KEV vendor strings, EPSS-percentile sorting of the KEV catalog, MITRE ATT&CK technique mapping via CWE/CAPEC. We label heuristic links as such; verify before action.
Publication
Briefs are drafted by the composer, reviewed before publication, and only then flipped to published: true. The first thirty days run review-then-publish; a clean track record then graduates the pipeline to auto-publish.
Failure modes
When a feed has not succeeded in 48 hours, the next brief renders a "stale feeds" notice at the top. Outages are visible, not hidden.

What is not published

No tracker scripts. No analytics. No third-party fonts. No comments. No newsletter signup. No paywall. The build details belong in the methodology, not the brand.

Follow

The brief feed is at /feed.xml. The corpus updates whenever a brief publishes; subscribe to the RSS and the corpus pages link out from there. Direct contact channels will be announced when they're appropriate; until then, the site is read-only and the source links per entry are the canonical primary references.