Tag: open-source
-
Open-source security debt grows across commercial software
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/open-source-vulnerability-surge-risk-analysis/
-
VirtualBox – 7 Zero-Day-Schwachstellen in Open-Source-Lösung von Oracle
First seen on security-insider.de Jump to article: www.security-insider.de/oracle-virtualbox-zero-day-sicherheitsluecken-a-eb3c07e756b4939344dad321a4eec6a5/
-
Hottest cybersecurity open-source tools of the month: February 2026
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Pompelmi: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/hottest-cybersecurity-open-source-tools-of-the-month-february-2026/
-
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare’s data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/
-
Digitale Infrastruktur-Souveränität – Europäische und moderne Open Source IT-Lösungen
First seen on security-insider.de Jump to article: www.security-insider.de/europaeische-und-moderne-open-source-it-loesungen-a-c8e26b4dbe0134834d7b4b3bc08d3d76/
-
Microsoft adds domain libraries and Copilot integration to the quantum development kit
The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/microsoft-quantum-development-kit-qdk/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
Jenkins Vulnerabilities Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most significant issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Coroot: Open-source observability and APM tool
Coroot is an open-source observability and application performance monitoring tool. The core software, published in Go and accompanied by companion repositories such as … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/coroot-open-source-observability-apm-tool/
-
NDSS 2025 The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
-
Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most critical issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most critical issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Uptime Kuma: Open-source monitoring tool
Service availability monitoring remains a daily operational requirement across IT teams, SaaS providers, and internal infrastructure groups. Many environments rely on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/uptime-kuma-open-source-monitoring-tool/
-
Disclosure: XWiki CSS Injection (CVE-2026-26000)
During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can”¦…
-
Disclosure: XWiki CSS Injection (CVE-2026-26000)
During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can”¦…
-
Open-source benchmark EVMbench tests how well AI agents handle smart contract exploits
Smart contract exploits continue to drain funds from blockchain projects, even as auditing tools and bug bounty programs grow. The problem is tied to how Ethereum Virtual … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/evmbench-open-source-benchmark-ai-agents/
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…
-
OpenClaw AI Framework v2026.2.17 Adds Anthropic Model Support Amid Credential Theft Bug Concerns
OpenClaw, the open-source autonomous AI assistant that has gained widespread adoption in early 2026, released version v2026.2.17 on February 17, 2026, introducing support for Anthropic’s latest Claude Sonnet 4.6 model. The release comes amid growing security concerns after researchers documented the first in-the-wild credential theft targeting OpenClaw configuration files by infostealer malware. New Anthropic Model…
-
Everyone uses open source, but patching still moves too slowly
Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/open-source-adoption-patching-challenges/
-
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe >>log poisoning<< vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent's behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to manage complex tasks, has recently seen massive adoption. However, its ability to self-debug and read…
-
SecureClaw: Dual stack open-source security plugin and skill for OpenClaw
AI agent frameworks are being used to automate work that involves tools, files, and external services. That type of automation creates security questions around what an agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/secureclaw-open-source-security-plugin-skill-openclaw/
-
Side-Channel Attacks Against LLMs
Tags: access, attack, chatgpt, credit-card, data, defense, exploit, LLM, monitoring, network, open-source, openai, phone, side-channelHere are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case)…
-
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
Attackers have weaponized a malicious fork of the legitimate Triton macOS client for omg.lol, turning a trusted open-source project into a delivery channel for Windows malware hosted on GitHub. The campaign abuses GitHub’s forking model, misleading README content, and obscure asset paths to trick users into downloading a trojanized archive named Software_3.1.zip. The malicious actor…