Tag: open-source
-
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along First seen…
-
OpenClaw AI Agent Sparks Global Security Alarm
Open-Source Tool Security ‘Dumpster Fire,’ Experts Warn. An open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called skills that connect assistants with different services – and hackers have been quick to add malicious examples. First seen on…
-
Microsoft develops a new scanner to detect hidden backdoors in LLMs
Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
-
Microsoft launches LiteBox, a security-focused open-source library OS
Microsoft has released LiteBox, a project intended to function as a security-focused library OS that can serve as a secure kernel for protecting a guest kernel using … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/microsoft-litebox-security-focused-open-source-library-os/
-
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/
-
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
-
Global Threat Map: Open-source real-time situational awareness platform
Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/
-
Critical Django Flaw Allows DoS and SQL Injection Attacks
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
-
Sicherheitsexperten warnen: Open-Source-KI könnte zu gravierendem Security-Problem werden
First seen on t3n.de Jump to article: t3n.de/news/sicherheitsexperten-warnen-open-source-ki-gravierendes-security-problem-1727710/
-
The ‘Invisible Risk’: 1.5 Million Unmonitored AI Agents Threaten Corporate Security
A massive >>invisible workforce<< of autonomous digital workers has arrived in the corporate world, but new research suggests it may be operating largely out of control. Large enterprises across the U.S. and UK have already deployed 3 million AI agents, according to a study released by Gravitee, an open-source leader in API and agentic management……
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windowsHacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
ChatGPT hat die Welt verändert, OpenClaw krempelt sie um
Zurzeit überschlagen sich die Einschätzungen und News zum neuen KI-Agenten OpenClaw/Moltbot. Nash Borges, Vice President of Engineering and Data Science bei Sophos hat sich den Bot näher angesehen und hat eine dedizierte Meinung zum neuen KI-Supertool: Wer hätte gedacht, dass wir nur ein Open-Source-Projekt vom bedeutendsten Paradigmenwechsel in der künstlichen Intelligenz (KI) seit ChatGPT entfernt…
-
Sandisk brings SPRandom to open source for large SSD testing
Tags: open-sourceEnterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/sprandom-open-source-ssd-testing/
-
Open-Source-Alternative zu WSUS für Windows, Linux und macOS – Nach dem WSUS-Ende wird OPSI zur kostenlosen Alternative
First seen on security-insider.de Jump to article: www.security-insider.de/opsi-wsus-alternative-open-source-a-d6d2a3f7544135385bfbec3a62fe7bae/
-
Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions
Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the flaw, which affects multiple versions of…
-
Open-source attacks move through normal development workflows
Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Product showcase: 2FAS Auth Free, open-source 2FA for iOS
Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/product-showcase-2fas-auth-free-open-source-2fa-ios/
-
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.The development comes shortly First seen…
-
Over 21,000 OpenClaw AI Instances Leak Personal Configuration Data
The open-source AI assistant OpenClaw experienced explosive growth, expanding from approximately 1,000 active instances to over 21,000 in just seven days. Created by Austrian developer Peter Steinberger, the personal AI assistant integrates with email, calendars, smart-home systems, and food-delivery services, enabling it to perform actions far beyond those of traditional chatbots. The project’s rapid evolution…
-
Fosdem 2026: Wo das Herz der freien Welt schlägt
Tags: open-sourceDie Open-Source-Konferenz der Superlative wird politischer. Denn: Wenn die Demokratie verschwinde, verschwinde auch Open Source. First seen on golem.de Jump to article: www.golem.de/news/fosdem-2026-wo-das-herz-der-freien-welt-schlaegt-2602-204902.html
-
AutoPentestX Introduced as Automated Penetration Testing Toolkit for Linux Systems
AutoPentestX, an open-source automated penetration testing framework designed to streamline vulnerability assessment and security testing workflows on Linux systems. The toolkit consolidates multiple security testing capabilities into a unified platform for ethical hacking and security auditing operations. Developed by security researcher Gowtham-Darkseid, AutoPentestX automates the execution of common penetration testing procedures through modular architecture and…
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
Open-source AI pentesting tools are getting uncomfortably good
AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/open-source-ai-pentesting-tools-test/
-
Pompelmi: Open-source secure file upload scanning for Node.js
Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/pompelmi-open-source-secure-file-upload-scanning-node-js/
-
The Great Shift: Cybersecurity Predictions for 2026 and the New Era of Threat Intelligence
<div cla As we look back on 2025, AI and open source have fundamentally changed how software is built. Generative AI, automated pipelines, and ubiquitous open source have dramatically increased developer velocity and expanded what teams can deliver, while shifting risk into the everyday decisions developers make as code is written, generated, and assembled. First…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerabilitysystemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO.A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
OpenClaw AI Runs Wild in Business Environments
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users’ computers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/openclaw-ai-runs-wild-business-environments