Tag: open-source
-
Product showcase: NetGuard open-source firewall for Android
NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/08/product-showcase-netguard-open-source-firewall-android/
-
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/trustfall-ai-coding-cli-vulnerability-research/
-
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence…
-
Open-source MCP server monitoring for Python apps
Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/bluerock-mcp-python-hooks-mcp-server-monitoring/
-
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent…
-
AIMap: Open-source tool finds and tests exposed AI endpoints
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/aimap-ai-attack-surface-discovery/
-
Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor
A severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of API authorization. Backed by Andreessen Horowitz, Schemata holds active government contracts to provide immersive 3D simulations for various…
-
AWS open sources Trusted Remote Execution to control what AI agents touch
Production scripts that read a log file generally hold the same permissions as scripts that delete one. The execution context decides what gets touched, and that gap widens … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/aws-trusted-remote-execution-rex/
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-miss/
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/
-
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Tags: attack, cve, exploit, flaw, injection, open-source, remote-code-execution, threat, vulnerabilityThreat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.”MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code…
-
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Tags: cyber, exploit, Internet, open-source, remote-code-execution, risk, software, threat, vulnerabilityQualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices without requiring user interaction. The semiconductor giant is strongly urging original equipment manufacturers to deploy…
-
How Mythos Signals Cybersecurity Disruption
Tags: access, ai, attack, banking, browser, business, cybersecurity, data, exploit, finance, government, hacker, healthcare, infrastructure, microsoft, open-source, risk, software, technology, tool, update, vulnerability, zero-dayWhat is Mythos Mythos is Anthropic’s latest AI model, and it is stirring up a tornado of concern in cybersecurity circles. Even before its release, Mythos discovered thousands of new sensitive vulnerabilities in commercial and open-source software, including all major operating systems and web browsers. One was in existence for over 27 years without the industry…
-
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
-
Cisco Launches AI Provenance Tool to Strengthen Security and Compliance
Artificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models. This release aims to bring transparency to complex AI supply chains and help organizations meet…
-
How CISOs should utilize data security posture management to inform risk
Tags: access, ai, automation, business, ciso, compliance, control, cyber, data, detection, finance, iam, incident response, monitoring, open-source, remote-code-execution, risk, service, siem, software, tool, update, vulnerabilityApplying the principles at any maturity level: Whether you’re working with a full DSPM platform, a lightweight open-source scanner or even manual data inventories, CISOs can use this thinking to apply quantification (or at least an order of magnitude) to risk decisions. For example, you may have a written policy in place that a database…
-
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/pipelock-open-source-ai-agent-firewall/
-
Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security
Cisco’s open-source Model Provenance Kit helps organizations verify AI model origins, trace lineage, and reduce AI supply chain security risks. The post Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-model-provenance-kit-ai-supply-chain-security/
-
Open-source privacy proxy masks PII before prompts reach external AI services
Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/01/open-source-pii-privacy-proxy/
-
Socket Buys Secure Annex to Expand Supply-Chain Visibility
Combined Platform Spans Dependencies, Extensions, Developer Tools. Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/socket-buys-secure-annex-to-expand-supply-chain-visibility-a-31562
-
Cisco releases open-source toolkit for verifying AI model lineage
Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cisco-ai-model-provenance-kit/
-
Cisco releases open-source toolkit for verifying AI model lineage
Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cisco-ai-model-provenance-kit/
-
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trustWhat it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
-
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Tags: authentication, cyber, exploit, flaw, hacker, malware, open-source, rce, remote-code-execution, vulnerabilityHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With…
-
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/warp-open-source-client/
-
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/warp-open-source-client/
-
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/warp-open-source-client/
-
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/warp-open-source-client/
-
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/warp-open-source-client/