Tag: open-source
-
Wenn die Software-Lieferkette ins Visier gerät
Digitale Bedrohungen nehmen weltweit kontinuierlich zu. Meldungen über Malware, Ransomware oder DDoS-Attacken gehören bereits zum Alltag. Und auch Angriffe auf Software Supply Chains gibt es immer öfter. Die Täter nehmen dabei gern Marktplätze ins Visier, auf denen Entwickler fertige Software-Bausteine bzw. -Pakete tauschen. Was ist also beim Schwachstellenmanagement zu beachten? Welche Rolle spielt Open Source?…
-
Maltrail: Open-source malicious traffic detection system
Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
-
Maltrail: Open-source malicious traffic detection system
Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
-
Maltrail: Open-source malicious traffic detection system
Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
-
Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic. Discord webhooks are simple HTTPS URLs that accept POST requests; they require no credentials beyond possession of the URL, and traffic appears as innocent JSON over port 443. Socket’s…
-
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem”, not by infecting developers during package installation, but by abusing the unpkg.com CDN as a disposable hosting platform for malicious JavaScript. By seeding over 175 throwaway npm packages, attackers have turned a trusted open source delivery network into a large-scale…
-
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem”, not by infecting developers during package installation, but by abusing the unpkg.com CDN as a disposable hosting platform for malicious JavaScript. By seeding over 175 throwaway npm packages, attackers have turned a trusted open source delivery network into a large-scale…
-
Free Open-Source Software for Modern Identity and Access Management
Explore free and open-source software options for modern Identity and Access Management (IAM). Enhance security and streamline user access with these powerful tools. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/free-open-source-software-for-modern-identity-and-access-management/
-
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages
Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across npm, PyPI, and RubyGems, where hard-coded Discord webhook URLs act as write-only sinks to siphon…
-
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware.The threat actor’s use of the security utility was documented by Sophos last month. It’s assessed that the…
-
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware.The threat actor’s use of the security utility was documented by Sophos last month. It’s assessed that the…
-
Intel’s open source future in question as exec says he’s done carrying the competition
Tags: open-sourceKevork Kechichian says x86 giant’s contributions should benefit Intel first First seen on theregister.com Jump to article: www.theregister.com/2025/10/09/intel_open_source_commitment/
-
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads.According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through First…
-
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads.According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through First…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, monitoring, open-source, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an open-source platform for monitoring and observability. This flaw is a directory traversal vulnerability affecting versions…
-
Nagios: Open-source monitoring solution
Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/10/nagios-open-source-monitoring-solution/
-
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/09/velociraptor-nezha-attackers-misuse/
-
Threat Actors Exploit DFIR Tool Velociraptor in Ransomware Attacks
Tags: access, attack, cisco, cyber, exploit, incident response, open-source, ransomware, software, threat, toolCisco Talos has confirmed that ransomware operators are now leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool, to gain stealthy, persistent access and deploy multiple ransomware variants against enterprise environments. This marks the first definitive linkage between Velociraptor and ransomware operations, underscoring a shift in how threat actors incorporate legitimate security software…
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
IT Aktuelle Ransomware-Bedrohung ‘Yurei” ist ein Open-Source-Projekt
First seen on security-insider.de Jump to article: www.security-insider.de/aktuelle-ransomware-bedrohung-yurei-ist-ein-open-source-projekt-a-eaebffe977f73819da9c0911db446738/
-
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log…
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windowsRiding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution.Once Nezha was active,…
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…