Tag: open-source
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms/
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms-2/
-
North Korean Hackers Target Developers Through npm Packages
Open-source ecosystems power modern software development. Millions of developers rely on public repositories to accelerate innovation and reduce development time. That trust, however, is increasingly being weaponized. New reporting from The Hacker News reveals that North Korean threat actors have published 26 malicious packages to the npm registry in an attempt to compromise developer environments…
-
NDSS 2025 SHAFT: Secure, Handy, Accurate And Fast Transformer Inference
Authors, Creators & Presenters: (All Via The Chinese University of Hong Kong) Andes Y. L. Kei, Sherman S. M. Chow PAPER SHAFT: Secure, Handy, Accurate and Fast Transformer Inference Adoption of transformer-based machine learning models is growing, raising concerns about sensitive data exposure. Nonetheless, current secure inference solutions incur substantial overhead due to their extensive…
-
BlacksmithAI: Open-source AI-powered penetration testing framework
BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/02/blacksmithai-open-source-ai-powered-penetration-testing-framework/
-
CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances
About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. Sangoma FreePBX is an open-source, web-based platform for managing Asterisk-powered VoIP phone systems. Maintained by Sangoma Technologies, it allows businesses…
-
NDSS 2025 Enhancing Security In Third-Party Library Reuse
Tags: conference, detection, Internet, network, open-source, programming, software, tool, update, vulnerabilitySession 14A: Software Security: Applications & Policies Authors, Creators & Presenters: Shangzhi Xu (The University of New South Wales), Jialiang Dong (The University of New South Wales), Weiting Cai (Delft University of Technology), Juanru Li (Feiyu Tech), Arash Shaghaghi (The University of New South Wales), Nan Sun (The University of New South Wales), Siqi Ma…
-
IronCurtain: An open-source, safeguard layer for autonomous AI assistants
Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/ironcurtain-open-source-ai-agent-security/
-
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments
Malicious actors are abusing Go’s open-source ecosystem by deploying a backdoored crypto module that steals passwords and installs a Rekoobe Linux backdoor on developer and CI environments. The package imitates Go’s trusted cryptography library to turn ordinary password prompts into a full compromise chain quietly. On pkg.go.dev it appears as a normal cryptography library with…
-
Log4j am Limit: KI-Schrott lähmt Open-Source-Projekt
Massig KI-generierte Bug-Reports bremsen die Entwicklung von Open-Source-Tools wie Log4j. Ein Entwickler schlägt Alarm und will Lösungen sehen. First seen on golem.de Jump to article: www.golem.de/news/log4j-am-limit-ki-schrott-laehmt-open-source-projekt-2602-205903.html
-
OpenClaw Vulnerability Exposes How an Open-Source AI Agent Can Be Hijacked
When the open-source AI agent for OpenClaw burst onto the scene, it did so with astonishing speed. In just five days, the project surpassed 100,000 stars on GitHub, becoming one of the fastest-growing open-source AI tools in history. Developers quickly embraced it as a personal assistant that could run locally, plug into calendars and messaging platforms, execute…
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
This AI Agent Is Designed to Not Go Rogue
The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down. First seen on wired.com Jump to article: www.wired.com/story/ironcurtain-ai-agent-security/
-
ServiceNow AVR + Contrast Security: Better together
<div cla Struggling with application vulnerability management? Managing remediation of application vulnerabilities to limit risk can be challenging. Organizations may have hundreds or thousands of applications to secure with thousands of interlocking components, such as third-party libraries and open-source code. This distributed architecture expands the attack surface, making it hard to monitor and secure. On…
-
AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds
A sharp rise in AI-assisted software development is driving unprecedented increases in open source security and licensing risk, according to new research from Black Duck. The company’s 2026 Open Source Security and Risk Analysis (OSSRA) report reveals that vulnerabilities in commercial software codebases have more than doubled year-on-year, highlighting growing concerns that organisations are producing…
-
Open-source security debt grows across commercial software
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/open-source-vulnerability-surge-risk-analysis/
-
VirtualBox – 7 Zero-Day-Schwachstellen in Open-Source-Lösung von Oracle
First seen on security-insider.de Jump to article: www.security-insider.de/oracle-virtualbox-zero-day-sicherheitsluecken-a-eb3c07e756b4939344dad321a4eec6a5/
-
Hottest cybersecurity open-source tools of the month: February 2026
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Pompelmi: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/hottest-cybersecurity-open-source-tools-of-the-month-february-2026/
-
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare’s data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/
-
Digitale Infrastruktur-Souveränität – Europäische und moderne Open Source IT-Lösungen
First seen on security-insider.de Jump to article: www.security-insider.de/europaeische-und-moderne-open-source-it-loesungen-a-c8e26b4dbe0134834d7b4b3bc08d3d76/
-
Microsoft adds domain libraries and Copilot integration to the quantum development kit
The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/microsoft-quantum-development-kit-qdk/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
Jenkins Vulnerabilities Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most significant issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Coroot: Open-source observability and APM tool
Coroot is an open-source observability and application performance monitoring tool. The core software, published in Go and accompanied by companion repositories such as … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/coroot-open-source-observability-apm-tool/