Tag: open-source
-
Hottest cybersecurity open-source tools of the month: March 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/hottest-cybersecurity-open-source-tools-of-the-month-march-2026/
-
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/shipsec-studio-security-workflow-automation-platform/
-
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
CISA Flags Critical Flaw in Grassroots DICOM Imaging Library
Researcher: If Exploited, Bug Could Crash Hospital Medical Imaging Systems. The Cybersecurity Infrastructure and Security Agency is warning of a high severity in Grassroots DICOM, an open-source library commonly used for medical imaging products, that if exploited could allow an attacker to send a specially crafted file resulting in a denial-of-service situation. First seen on…
-
CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, malicious, open-source, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous deployment (CI/CD) environments. Because Trivy is a widely adopted open-source vulnerability scanner used natively within…
-
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history.Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of First seen on thehackernews.com Jump to…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Silicon Valley’s two biggest dramas have intersected: LiteLLM and Delve
LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/26/delve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware/
-
Delve did the security compliance on LiteLLM, an AI project hit by malware
LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/25/delve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware/
-
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/polyshell-attacks-target-56-percent-of-all-vulnerable-magento-stores/
-
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can provide a gateway into thousands of organizations if compromised. First seen on therecord.media Jump to article: therecord.media/supply-chain-attack-hits-widely-used-ai-package
-
NetRise Launches Provenance to Map Who Is Behind Open Source Components and How Risk Spreads
NetRise launched NetRise Provenance on March 24 at RSAC 2026, a new product that adds contributor-level visibility to software supply chain analysis. Where most supply chain tools stop at identifying components and vulnerabilities, Provenance goes a layer deeper: mapping which humans and organizations are behind the open source packages inside enterprise software and connected devices,..…
-
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Tags: access, breach, business, ceo, control, credentials, extortion, github, incident response, Internet, malicious, mandiant, open-source, saas, software, supply-chain, theft, updateA pattern of persistent access: This is the second compromise affecting the Trivy ecosystem within roughly a month. Socket identified compromised Aqua Trivy VS Code extension releases on OpenVSX in late February, and now trivy-action, Trivy’s official GitHub Action for running scans in CI/CD workflows, has been abused through manipulated version tags to distribute malicious…
-
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
Tags: access, advisory, api, attack, cloud, container, credentials, data, exploit, extortion, github, group, infrastructure, malicious, malware, open-source, pypi, supply-chain, tactics, tool, vulnerabilityAn expanding supply-chain campaign: The LiteLLM incident has been confirmed to be a part of the rapidly unfolding TeamPCP supply chain campaign that first compromised Trivy.Trivy, developed by Aqua Security, is a widely used open-source vulnerability scanner designed to identify security issues in container images, file systems, and infrastructure-as-code (IaC) configurations. The ongoing attack, attributed…
-
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
-
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
-
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnerability stems from hardcoded default credentials that remain active unless manually altered by an administrator. Harbor functions as an open-source, OCI-compliant registry project designed to store, sign, and manage container images. Because it plays a…
-
F5″¯NGINX Plus Open”‘Source Flaw Lets Attackers Execute Code via MP4 File
F5 has disclosed a high-severity vulnerability (CVE-2026-32647) in the NGINX ngx_http_mp4_module that allows attackers execute arbitrary code or cause a denial-of-service (DoS) using crafted MP4 files. This flaw impacts NGINX Plus and NGINX Open Source deployments where the MP4 streaming module is explicitly enabled in the server configuration. Vulnerability Details The security flaw, tracked as CVE-2026-32647, is…
-
Open Source mit professioneller Unterstützung – Keycloak: mächtig, aber auch mächtig komplex
Tags: open-sourceFirst seen on security-insider.de Jump to article: www.security-insider.de/keycloak-open-source-iam-komplex-betrieb-a-eaffad3552779d880227512fb4658682/
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
Tags: attack, cyber, github, malicious, open-source, risk, software, supply-chain, threat, vulnerabilityA sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the incident highlights the severe risks of using mutable version tags in deployment automation. The attack…
-
ProjectDiscovery Launches Neo, an Autonomous Pentesting Platform, at RSAC 2026
ProjectDiscovery launched Neo commercially at RSAC 2026, bringing an autonomous penetration testing platform to market after winning the RSAC Innovation Sandbox in 2025. Neo performs end-to-end penetration tests, validates findings against live applications, and delivers what the company calls pentester-grade evidence. The platform is built by the team behind Nuclei, the open source vulnerability scanner..…
-
Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims. First seen on cyberscoop.com Jump to article: cyberscoop.com/trivy-supply-chain-attack-aqua-downstream-extortion-fallout/
-
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It’s time to check your networks for infections. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/self-propagating-malware-poisons-open-source-software-and-wipes-iran-based-machines/
-
Why CISOs should embrace AI honeypots
Tags: access, ai, api, attack, breach, business, ciso, credentials, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, hacker, LLM, mitigation, open-source, RedTeam, risk, service, threat, tool, vulnerabilityWhy CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these…
-
Wenn KI auf Kubernetes trifft: Sysdig feiert 10 Jahre Falco
Diese Jubiläumsankündigung zeigt vor allem eines: Open Source lebt von Engagement und von Unternehmen, die bereit sind, Verantwortung für die Technologien zu übernehmen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-auf-kubernetes-trifft-sysdig-feiert-10-jahre-falco/a44262/