Tag: open-source

Zero-Click RCE in Claude Desktop: CVSS-Score von 10/10

Feb 12, 2026 9:58 AM

Tags: bug, cvss, open-source, rce, remote-code-execution, vulnerability

Diesmal gibt es eine Sicherheitslücke in Agenten, und zwar nicht in irgendeinem experimentellen Open-Source-Projekt, sondern in Claude Desktop. Die Sicherheitsfirma LayerX hat eine kritische Zero-Click RCE (Remote Code Execution) Schwachstelle in Claude Desktop Extensions (DXT) entdeckt, die über 10.000 aktive Nutzende betrifft und mit einem CVSS-Score von 10/10 bewertet wurde [1]. Das mag auf den……
What CISOs need to know about the OpenClaw security nightmare

Feb 12, 2026 8:58 AM

Tags: access, ai, api, attack, authentication, china, ciso, computer, control, corporate, credentials, email, endpoint, exploit, firewall, gartner, google, injection, mfa, microsoft, monitoring, network, open-source, openai, radius, risk, skills, startup, supply-chain, tool, vulnerability

OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
OpenClaw Scanner: Open-source tool detects autonomous AI agents

Feb 12, 2026 7:58 AM

Tags: ai, corporate, open-source, tool

A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/openclaw-scanner-open-source-tool-detects-autonomous-ai-agents/
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

Feb 12, 2026 1:58 AM

Tags: ai, cybercrime, microsoft, open-source, service, technology, tool

Pushing falsehoods: A factor driving the recent popularity of recommendation poisoning appears to be the availability of open-source tools that make it easy to hide this function behind website Summarize buttons.This raises the uncomfortable possibility that poisoned buttons aren’t being added as an afterthought by SEO developers who get carried away. More likely, the intention…
Proactive strategies for cyber resilience with Wazuh

Feb 11, 2026 7:58 PM

Tags: cyber, detection, edr, open-source, resilience, siem, strategy, threat

Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proactive-strategies-for-cyber-resilience-with-wazuh/
Claude Opus 4.6 Exposes Hundreds of Open-Source Vulnerabilities

Feb 9, 2026 4:14 PM

Tags: flaw, open-source, vulnerability

Anthropic says Claude Opus 4.6 identified over 500 previously unknown high-severity flaws in widely used open-source libraries. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-opus-4-6-exposes-hundreds-of-open-source-vulnerabilities/
UAE’s TII challenges big tech dominance with open source Falcon AI models

Feb 9, 2026 3:14 PM

Tags: ai, open-source, strategy, technology

Through its Falcon models and an open, efficiency-driven research strategy, the Technology Innovation Institute is positioning the UAE as a producer of foundational AI, not merely a consumer of global platforms First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638759/UAEs-TII-challenges-big-tech-dominance-with-open-source-Falcon-AI-models
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Allama: Open-source AI security automation

Feb 9, 2026 8:14 AM

Tags: ai, automation, detection, open-source, threat

Allama is an open-source security automation platform that lets teams build visual workflows for threat detection and response. It includes integrations with 80+ types of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/allama-open-source-ai-security-automation-platform/
New “Crypto Scanner” Tool Helps Developers Identify Quantum Risks Before Q-Day

Feb 9, 2026 7:13 AM

Tags: computer, cyber, encryption, infrastructure, open-source, risk, tool, vulnerability

With the >>Q-Day<< horizon the point when quantum computers will be capable of breaking standard encryption projected for roughly 2033, the race to secure digital infrastructure is accelerating. To aid in this transition, Quantum Shield Labs has released Crypto Scanner, a new open-source CLI tool designed to inventory and analyse cryptographic vulnerabilities in codebases before they…
New tool blocks imposter attacks disguised as safe commands

Feb 8, 2026 5:14 PM

Tags: attack, open-source, tool

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/
Claude Opus 4.6: KI findet über 500 Zero-Day-Lücken in Open-Source-Software

Feb 8, 2026 2:14 PM

Tags: ai, open-source, software, zero-day

Anthropics neues Sprachmodell Claude Opus 4.6 hat in internen Tests Hunderte bislang unbekannte Sicherheitslücken aufgespürt – ohne spezielles Training. First seen on golem.de Jump to article: www.golem.de/news/claude-opus-4-6-ki-findet-ueber-500-zero-day-luecken-in-open-source-software-2602-205139.html
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Feb 8, 2026 11:14 AM

Tags: attack, awareness, open-source, supply-chain, threat, update, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/08/week-in-review-notepad-supply-chain-attack-details-and-targets-patch-tuesday-forecast/
Bug Hunting With LLMs: Expert Tool Seeks More ‘True’ Flaws

Feb 6, 2026 9:14 PM

Tags: flaw, LLM, open-source, tool, vulnerability

Open Source ‘Vulnhalla’ Promises ‘Up to 96% Reduction in False Positives’. Using large language models to automatically identify only real code vulnerabilities – not false positives – remains a holy grail. Eschewing a moonshot approach, a tool called Vulnhalla helps senior researchers use guided questioning with LLMs to more rapidly triage actual vulnerabilities. First seen…
Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing

Feb 6, 2026 6:14 PM

Tags: computing, container, microsoft, open-source, rust, software

Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems. Written in Rust and published under the MIT license, LiteBox reflects the company’s efforts to upgrade software security as confidential computing gains adoption. LiteBox takes a different path from traditional virtualization or container technologies. Rather..…
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful

Feb 6, 2026 3:14 PM

Tags: cisa, cybersecurity, data, exploit, framework, kev, open-source, tool, vulnerability

A disconnect exists between the organization’s cybersecurity needs and lists like CISA’s KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
Claude Opus 4.6 Launches Enhanced Security Capabilities to Validate 500+ Critical Vulnerabilities

Feb 6, 2026 2:14 PM

Tags: cyber, cybersecurity, open-source, vulnerability

Anthropic has released Claude Opus 4.6, marking a significant leap in the defensive application of artificial intelligence. Released yesterday, the model has already identified and validated over 500 high-severity >>zero-day<< vulnerabilities in open-source software. This development signals a major shift in cybersecurity, moving beyond traditional brute-force testing to intelligent, reason-based analysis that mimics human security…
Digitale Souveränität: Wie Deutschland sich von US-Software löst

Feb 6, 2026 1:14 PM

Tags: cloud, germany, open-source, software

Nach Rekordbeteiligung an der EU-Konsultation treibt der Bund Open Source und souveräne Clouds voran – der Weg ist lang. First seen on golem.de Jump to article: www.golem.de/news/digitale-souveraenitaet-wie-deutschland-sich-von-us-software-loest-2602-205092.html
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Feb 6, 2026 8:14 AM

Tags: ai, flaw, intelligence, open-source, skills

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along First seen…
OpenClaw AI Agent Sparks Global Security Alarm

Feb 5, 2026 9:56 PM

Tags: ai, data, hacker, malicious, open-source, service, skills, theft, tool

Open-Source Tool Security ‘Dumpster Fire,’ Experts Warn. An open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called skills that connect assistants with different services – and hackers have been quick to add malicious examples. First seen on…
Microsoft develops a new scanner to detect hidden backdoors in LLMs

Feb 5, 2026 12:14 PM

Tags: ai, backdoor, ceo, computing, detection, edr, hacker, LLM, microsoft, open-source, software, supply-chain, virus

Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
Microsoft launches LiteBox, a security-focused open-source library OS

Feb 5, 2026 11:14 AM

Tags: microsoft, open-source

Microsoft has released LiteBox, a project intended to function as a security-focused library OS that can serve as a secure kernel for protecting a guest kernel using … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/microsoft-litebox-security-focused-open-source-library-os/
Software supply chain risks join the OWASP top 10 list, access control still on top

Feb 5, 2026 9:13 AM

Tags: access, ai, attack, authentication, backdoor, backup, breach, cloud, computer, control, credentials, cybersecurity, data, data-breach, defense, encryption, flaw, governance, identity, injection, LLM, login, malicious, mfa, open-source, password, risk, software, sql, supply-chain, threat, unauthorized, update, vulnerability

1 Broken access control When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate an URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item…
Critical n8n flaws disclosed along with public exploits

Feb 4, 2026 11:14 PM

Tags: automation, control, exploit, flaw, open-source, vulnerability

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Feb 4, 2026 9:13 AM

Tags: malicious, microsoft, open-source, supply-chain

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
Global Threat Map: Open-source real-time situational awareness platform

Feb 4, 2026 8:13 AM

Tags: awareness, cyber, data, open-source, threat

Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/