Tag: open-source
-
Open-source software: A first attempt at organization after CRA
in SecurityNews
The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary softwar…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/11/05/open-source-cra/
-
EDRsandblast Exploited: How Attackers are Weaponizing Open-Source Code
in SecurityNews
Unit 42 researchers recently uncovered the toolkit of an extortionist during an investigation where a threat actor attempted to evade endpoint detecti…
First seen on securityonline.info
Jump to article: securityonline.info/edrsandblast-exploited-how-attackers-are-weaponizing-open-source-code/
-
Whispr: Open-source multi-vault secret injection tool
in SecurityNews
Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly in…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/11/04/whispr-open-source-multi-vault-secret-injection-tool/
-
AI Bug Bounty Program Yields 34 Flaws In Open Source Tools
in SecurityNews
First seen on packetstormsecurity.com
Jump to article: packetstormsecurity.com/news/view/36535/AI-Bug-Bounty-Program-Yields-34-Flaws-In-Open-Source-Tools.html
-
OpenPaX: Open-source kernel patch that mitigates memory safety errors
in SecurityNews
OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attack…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/11/01/openpax-open-source-kernel-patch/
-
Open Source LLM Tool Sniffs Out Python Zero-Days
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/open-source-llm-tool-finds-python-zero-days
-
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
in SecurityNews
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver Dark…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/gophish-framework-used-in-phishing.html
-
Tool Tip 34: Keycloak – Central management of identities and roles with open source
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/keycloak-open-source-iam-verwaltung-a-8d59caf4f95508e43263040e71a36c91/
-
Open-Source AI, ML Tools Plagued With Vulnerabilities
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/brief/open-source-ai-ml-tools-plagued-with-vulnerabilities
-
AI bug bounty program yields 34 flaws in open-source tools
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/news/ai-bug-bounty-program-yields-34-flaws-in-open-source-tools
-
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
in SecurityNews
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a …
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
-
North Korean Cyber Espionage Group Tenacious Pungsan Compromises Open-Source Repositories with Backdoored npm Packages
in SecurityNews
In a recent report, the Datadog Security Research Team exposed the latest nefarious activities of the Tenacious Pungsan group, a North Korean cyber-es…
First seen on securityonline.info
Jump to article: securityonline.info/north-korean-cyber-espionage-group-tenacious-pungsan-compromises-open-source-repositories-with-backdoored-npm-packages/
-
AWS CDK Vulnerabilities Let Takeover S3 Bucket
in SecurityNews
A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to defin…
First seen on gbhackers.com
Jump to article: gbhackers.com/aws-cdk-vulnerabilities/
-
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
in SecurityNews
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions an…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html
-
ONCD releases request for information: Open-source software security
in SecurityNews
Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open…
First seen on securityintelligence.com
Jump to article: securityintelligence.com/news/oncd-releases-request-for-information-open-source-software/
-
Support with global open-source regulations – Eclipse Foundation founds Open Regulatory Compliance Working Group
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/open-regulatory-compliance-working-group-eclipse-foundation-a-83ef950496a450b16449ae38c65b0255/
-
San Francisco billboards call out tech firms for not paying for open source
in SecurityNews
Tags: open-source
First seen on theregister.com
Jump to article: www.theregister.com/2024/10/25/open_source_funding_ads/
-
LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks
in SecurityNews
First seen on infosecurity-magazine.com
Jump to article: www.infosecurity-magazine.com/news/llmjacking-opensource-surge-2024/
-
Argus: Open-source information gathering toolkit
in SecurityNews
Tags: open-source
Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of po…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/10/23/argus-open-source-information-gathering-toolkit/
-
New Scoring System Helps Secure the Open Source AI Model Supply Chain
in SecurityNews
AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub. The post New Scoring System Helps S…
First seen on securityweek.com
Jump to article: www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/
-
Open Source Software: undeniable advantages as well as risks
in SecurityNews
First seen on datensicherheit.de
Jump to article: www.datensicherheit.de/open-source-software-unbestreitbar-vorteile-risiken
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
in SecurityNews
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart P…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
-
New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button
in SecurityNews
Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI proje…
First seen on gbhackers.com
Jump to article: gbhackers.com/ai-0-day-discovery-tool/
-
Socket Raises $40 Million for Supply Chain Security Tech
in SecurityNews
Socket has raised $40 million in a Series B funding round to work on open source software supply chain security technology. The post Socket Raises $40…
First seen on securityweek.com
Jump to article: www.securityweek.com/socket-raises-40-million-for-supply-chain-security-tech/
-
Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
in SecurityNews
Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. Researchers from …
First seen on securityaffairs.com
Jump to article: securityaffairs.com/170055/hacking/roundcube-flaw-exploited-in-phishing-attack.html
-
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC
in SecurityNews
First seen on blog.talosintelligence.com
Jump to article: blog.talosintelligence.com/talos-discovers-denial-of-service-vulnerability-in-microsoft-audio-bus-potential-remote-code-execution-in-popular-open-source-plc/
-
Aranya: Open-source toolkit to accelerate secure by design concepts
in SecurityNews
SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the compa…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/10/21/aranya-open-source-toolkit-secure-by-design/
-
Socket Accelerates Open-Source Security With $40M Series B
in SecurityNews
Socket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools Faster. A $40 million Series B investment will support Socket in rapidly …
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/socket-accelerates-open-source-security-40m-series-b-a-26576
-
GhostStrike: Open-source tool for ethical hacking
in SecurityNews
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniqu…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/10/17/ghoststrike-open-source-tool-ethical-hacking/