VULNR: Vulnerabilities Revealed, Security Strengthened

VULNЯ or VULNR is a premium Telegram bot powered by Perplexity Sonar Pro API, delivering vulnerability alerts, practical tips, and cybersecurity awareness to security professionals or organizations.

Comment 4

Inspiration

What inspired me to create VULNR was a decade-long challenge in my cybersecurity career: every day, I had to manually sift through countless fragmented sources just to stay updated on new vulnerabilities. This process was time-consuming, overwhelming, and left too much room for missing critical threats that could impact my clients or organization. I realized that not only was I feeling this pain, but so were many other cybersecurity professionals who needed timely, actionable intelligence to protect their systems.

Seeing how vulnerability-both the technical kind and the human willingness to acknowledge gaps-can drive growth and innovation, I wanted to create a solution that would empower security teams, not exhaust them. VULNR was born from my desire to transform this daily struggle into a streamlined, reliable pulse on cyber threats, giving back precious time and peace of mind to those who defend our digital world.

What it does

VULNR delivers daily, Perplexity Sonar Pro powered updates on newly discovered cybersecurity vulnerabilities. It uses advanced AI research to scan trusted sources across the internet in real time, summarize the most critical vulnerabilities (including CVEs, severity, affected systems, and mitigation steps), and distributes this intelligence directly from "vulnr_bot" (a Telegram bot). VULNR saves security professionals hours of manual research, ensures they never miss urgent threats, and provides actionable, source-backed insights to strengthen their cyber defense every day

How we built it

VULNR combines advanced AI research with automation to deliver daily, actionable cybersecurity vulnerability updates-saving professionals hours of manual work and helping them stay ahead of threats.

1. Identifying the Problem
After years of manually searching for daily cybersecurity vulnerabilities, I knew professionals needed a faster, more reliable way to get critical information.

2. Choosing the Right Tools
I selected Perplexity’s Sonar Pro API, an advanced AI research tool, to automatically scan trusted cybersecurity sources and summarize the most important new vulnerabilities each day.

3. Automating the Process
I designed a system that runs every hour (configurable), asking Perplexity Sonar Pro to gather and analyze the latest vulnerability information (like CVE IDs, severity scores, affected systems, and fixes). This ensures the data is always up-to-date and accurate.

4. Curating and Formatting
The information is carefully formatted into clear, concise updates-making it easy for subscribers to quickly understand the risks and recommended actions. Telegram Bot system has limitation of message length (4096 characters per message); VULNR able to smartly split long article into several messages.

5. Delivering to Subscribers
I set up a Telegram bot, where these daily summaries are automatically posted. Subscribers receive timely, actionable alerts right on their phones, without having to search for the information themselves. As cheap as a Dollar per month for VULNR premium users to unlock all features.

6. Continuous Improvement
Based on feedback from users and changes in the cybersecurity landscape, I regularly update and improve VULNR’s research process, data sources, and delivery methods to ensure the service remains valuable and trustworthy.

Challenges we ran into

Here are the main challenges we ran into during VULNR’s development:

  • Overwhelming Volume of Vulnerabilities: Each day, hundreds of new vulnerabilities are published. Filtering out noise and surfacing only the most critical, actionable threats was a constant challenge
  • Information Overload vs. Actionable Intelligence: Many sources deliver raw data or unprioritized alerts, which can overwhelm users and make it hard to focus on what truly matters. We had to design smart filtering and summarization to deliver concise, relevant updates
  • Keeping Up with Real-Time Changes: New vulnerabilities can appear at any moment. Ensuring our system continuously monitors and updates, rather than relying on periodic scans, required robust automation and scheduling
  • Automation & Integration: Building seamless automation-from AI research to Telegram delivery-meant overcoming technical hurdles and ensuring reliability, especially as manual processes are slow and error-prone
  • Resource Constraints: Like many cybersecurity teams, we had to balance limited time and resources, making it essential to prioritize the most impactful features and automate wherever possible
  • Cross-Team Communication: Aligning priorities and ensuring smooth collaboration (between development, security, and operations) was vital to avoid gaps in coverage and delays in delivering alerts
  • Maintaining Data Quality: Ensuring the accuracy, clarity, and trustworthiness of every alert was a top priority, requiring ongoing validation and refinement of our data sources and AI prompts

These challenges shaped VULNR into a focused, reliable daily resource that truly helps cybersecurity professionals cut through the noise and act quickly on what matters most.

Accomplishments that we're proud of

Here are some accomplishments we’re proud of from developing VULNR:

  • Transforming Manual Work into Automation: We turned hours of daily, manual vulnerability research into an automated, reliable process-freeing up valuable time for cybersecurity professionals and ensuring they never miss critical threats
  • Delivering Actionable, Curated Intelligence: VULNR doesn’t just send raw data; it provides clear, prioritized, and actionable vulnerability alerts, including context, severity, and mitigation steps, making it easy for users to act quickly and confidently
  • Rapid Time-to-Alert: Our system consistently delivers vulnerability updates within minutes to subscribers-much faster than traditional manual research or public feeds
  • Building Trust and Community: We’ve grown a loyal subscriber base that relies on VULNR as their daily pulse on cyber threats, with strong engagement and positive feedback from security professionals
  • Staying Ahead with Innovation: By leveraging advanced AI research tools and continuously refining our process, we’ve created a service that adapts to the fast-changing cybersecurity landscape and sets a new standard for timely, trustworthy vulnerability intelligence

These achievements reflect our commitment to making cybersecurity intelligence more accessible, actionable, and effective for everyone who needs it.

What we learned

Here’s what we learned from developing VULNR:

  • Proactive, Not Reactive, Is Essential: The cybersecurity landscape changes rapidly. We learned that waiting for incidents to happen is not enough; continuous, proactive monitoring and timely vulnerability intelligence are crucial for effective defense
  • Automation Saves Time, But Human Insight Matters: While AI and automation dramatically improved our speed and coverage, we found that human expertise is still needed to interpret findings, prioritize risks, and provide actionable context for users
  • Clarity Cuts Through the Noise: With hundreds of vulnerabilities disclosed daily, clear communication and smart filtering are vital. We learned to focus on delivering concise, relevant, and actionable information-helping users avoid information overload and act quickly
  • Transparency and Trust Build Adoption: Users want to understand where information comes from and how it’s assessed. Providing clear sources, transparent criteria, and explainable AI outputs increased trust and engagement with our service
  • Collaboration and Feedback Drive Improvement: Regular feedback from our community and collaboration with other security professionals helped us refine our process, improve accuracy, and adapt to emerging threats and user needs
  • Resilience and Continuous Improvement Are Key: Cybersecurity is never “set and forget.” We learned to treat VULNR as an evolving service, always updating our sources, methods, and response strategies to stay ahead of new threats and challenges

These lessons have shaped VULNR into a more effective, trusted, and user-focused tool for the cybersecurity community.

What's next for VULNR

Looking ahead, VULNR is focused on evolving with the rapidly changing cybersecurity landscape and the lessons learned from recent high-impact incidents like MOVEit and Log4j. Our next steps include:

  • Faster, More Actionable Alerts: We aim to further reduce the time between vulnerability disclosure and alert delivery, ensuring our users are among the first to know about critical threats. This is crucial as attackers are exploiting new vulnerabilities faster than ever before, often within days or even hours of disclosure
  • Expanded Coverage and Context: We plan to broaden our monitoring to include not just software CVEs, but also configuration weaknesses, supply chain exposures, and identity-related vulnerabilities-reflecting the industry’s shift from pure threat management to holistic exposure management
  • Validation and Remediation Guidance: Beyond just reporting vulnerabilities, we’ll incorporate practical validation steps and tailored mitigation advice, helping organizations not only patch but also verify that threats are fully addressed
  • Community and Collaboration: Inspired by the growing transparency and information sharing in the security community, we’re building features to let subscribers share insights, scripts, and remediation techniques-helping everyone respond faster and more effectively
  • Regulatory Readiness: As new regulations require organizations to track and report vulnerability management metrics, VULNR will provide tools and dashboards to help our users stay compliant and demonstrate their security posture to stakeholders

By focusing on speed, context, validation, and community, VULNR will continue to be the daily pulse for cybersecurity professionals-helping them stay ahead of threats, reduce risk, and respond with confidence in a world where vulnerability management is more critical than ever.

Built With

Share this project:

Updates

posted an update

  • The application is still under active development and not yet fully complete
  • Core features are being implemented, but some key functionalities are still in progress
  • The demo video has not been recorded yet
  • Integration with the Perplexity Sonar Pro API is ongoing and being refined
  • Telegram channel automation is partially working but needs further testing
  • Submission materials (readme, screenshots, and pitch) are being prepared

Log in or sign up for Devpost to join the conversation.