Tag: open-source
-
Critical Django Flaw Allows DoS and SQL Injection Attacks
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
-
Sicherheitsexperten warnen: Open-Source-KI könnte zu gravierendem Security-Problem werden
First seen on t3n.de Jump to article: t3n.de/news/sicherheitsexperten-warnen-open-source-ki-gravierendes-security-problem-1727710/
-
The ‘Invisible Risk’: 1.5 Million Unmonitored AI Agents Threaten Corporate Security
A massive >>invisible workforce<< of autonomous digital workers has arrived in the corporate world, but new research suggests it may be operating largely out of control. Large enterprises across the U.S. and UK have already deployed 3 million AI agents, according to a study released by Gravitee, an open-source leader in API and agentic management……
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windowsHacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
ChatGPT hat die Welt verändert, OpenClaw krempelt sie um
Zurzeit überschlagen sich die Einschätzungen und News zum neuen KI-Agenten OpenClaw/Moltbot. Nash Borges, Vice President of Engineering and Data Science bei Sophos hat sich den Bot näher angesehen und hat eine dedizierte Meinung zum neuen KI-Supertool: Wer hätte gedacht, dass wir nur ein Open-Source-Projekt vom bedeutendsten Paradigmenwechsel in der künstlichen Intelligenz (KI) seit ChatGPT entfernt…
-
Sandisk brings SPRandom to open source for large SSD testing
Tags: open-sourceEnterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/sprandom-open-source-ssd-testing/
-
Open-Source-Alternative zu WSUS für Windows, Linux und macOS – Nach dem WSUS-Ende wird OPSI zur kostenlosen Alternative
First seen on security-insider.de Jump to article: www.security-insider.de/opsi-wsus-alternative-open-source-a-d6d2a3f7544135385bfbec3a62fe7bae/
-
Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions
Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the flaw, which affects multiple versions of…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Open-source attacks move through normal development workflows
Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/
-
Product showcase: 2FAS Auth Free, open-source 2FA for iOS
Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/product-showcase-2fas-auth-free-open-source-2fa-ios/
-
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.The development comes shortly First seen…
-
Over 21,000 OpenClaw AI Instances Leak Personal Configuration Data
The open-source AI assistant OpenClaw experienced explosive growth, expanding from approximately 1,000 active instances to over 21,000 in just seven days. Created by Austrian developer Peter Steinberger, the personal AI assistant integrates with email, calendars, smart-home systems, and food-delivery services, enabling it to perform actions far beyond those of traditional chatbots. The project’s rapid evolution…
-
Fosdem 2026: Wo das Herz der freien Welt schlägt
Tags: open-sourceDie Open-Source-Konferenz der Superlative wird politischer. Denn: Wenn die Demokratie verschwinde, verschwinde auch Open Source. First seen on golem.de Jump to article: www.golem.de/news/fosdem-2026-wo-das-herz-der-freien-welt-schlaegt-2602-204902.html
-
AutoPentestX Introduced as Automated Penetration Testing Toolkit for Linux Systems
AutoPentestX, an open-source automated penetration testing framework designed to streamline vulnerability assessment and security testing workflows on Linux systems. The toolkit consolidates multiple security testing capabilities into a unified platform for ethical hacking and security auditing operations. Developed by security researcher Gowtham-Darkseid, AutoPentestX automates the execution of common penetration testing procedures through modular architecture and…
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
Open-source AI pentesting tools are getting uncomfortably good
AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/open-source-ai-pentesting-tools-test/
-
Pompelmi: Open-source secure file upload scanning for Node.js
Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/pompelmi-open-source-secure-file-upload-scanning-node-js/
-
The Great Shift: Cybersecurity Predictions for 2026 and the New Era of Threat Intelligence
<div cla As we look back on 2025, AI and open source have fundamentally changed how software is built. Generative AI, automated pipelines, and ubiquitous open source have dramatically increased developer velocity and expanded what teams can deliver, while shifting risk into the everyday decisions developers make as code is written, generated, and assembled. First…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerabilitysystemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO.A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
OpenClaw AI Runs Wild in Business Environments
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users’ computers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/openclaw-ai-runs-wild-business-environments
-
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
Tags: ai, attack, best-practice, breach, cve, cyber, data, exploit, kali, linux, network, open-source, tool, update, vulnerabilityFrom an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous…
-
Outtake Gets $40M to Grow Automated Threat Response
Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated Spaces. Outtake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup’s agent-led model stands apart by replacing manual labor with scalable AI workflows. First seen on govinfosecurity.com Jump to…
-
Report: Open Source Malware Instances Increased 73% in 2025
ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year. More than 10,000 malicious open source packages were discovered, most of which involved node package managers (npms) that cybercriminals were using to compromise software supply chains……
-
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast “unmanaged, publicly accessible layer of AI compute infrastructure” that spans 175,000 unique Ollama hosts across 130 countries.These systems, which span both cloud and residential networks across the world, operate outside the First seen…
-
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by eliminating complex setup procedures and dependency conflicts that traditionally hinder security testing workflows. AI red teamers face four persistent obstacles that…
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…
-
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/report-open-source-malware-activity/