Collecting Cyber-News from over 60 sources

Tag: open-source

Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat

Feb 17, 2026 9:58 AM

Tags: cyber, github, macOS, malicious, malware, open-source, threat, windows

Attackers have weaponized a malicious fork of the legitimate Triton macOS client for omg.lol, turning a trusted open-source project into a delivery channel for Windows malware hosted on GitHub. The campaign abuses GitHub’s forking model, misleading README content, and obscure asset paths to trick users into downloading a trojanized archive named Software_3.1.zip. The malicious actor…
Was CISOs über OpenClaw wissen sollten

Feb 16, 2026 9:58 PM

Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerability

Lesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
Open source maintainers being targeted by AI agent as part of ‘reputation farming’

Feb 16, 2026 8:58 PM

Tags: ai, open-source

This article originally appeared on InfoWorld. First seen on csoonline.com Jump to article: www.csoonline.com/article/4132870/open-source-maintainers-being-targeted-by-ai-agent-as-part-of-reputation-farming.html
OpenAI Snags OpenClaw Creator for Agent Push

Feb 16, 2026 6:58 PM

Tags: ai, hacker, intelligence, malicious, open-source, openai

Steinberger to Lead AI Giant’s Multi-Agent Development Team. Peter Steinberger is joining OpenAI to lead development of personal agents, culminating weeks of viral attention paid to his OpenClaw open-source artificial intelligence assistant project. Security experts dubbed it a dumpster fire after hackers were quick to add malicious functions. First seen on govinfosecurity.com Jump to article:…
In GitHub’s advisory pipeline, some advisories move faster than others

Feb 16, 2026 7:58 AM

Tags: advisory, github, open-source, vulnerability

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/github-security-advisorie-review-timelines-study/
MOS: Open-source modular OS for servers and homelabs

Feb 16, 2026 6:58 AM

Tags: control, open-source

A growing number of homelab builders and small server operators are testing an open source operating system that combines basic server management, storage control, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/mos-open-source-modular-os-servers-homelabs/
AI agent seemingly tries to shame open source developer for rejected pull request

Feb 13, 2026 9:58 PM

Tags: ai, open-source

Belligerent bot bullies maintainer in blog post to get its way First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/ai_bot_developer_rejected_pull_request/
Researchers unearth 30-year-old vulnerability in libpng library

Feb 13, 2026 7:58 PM

Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-day

png_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…
Brutus: Open-source credential testing tool for offensive security

Feb 13, 2026 11:58 AM

Tags: credentials, open-source, tool

Brutus is an open-source, multi-protocol credential testing tool written in pure Go. Designed to replace legacy tools that have long frustrated penetration testers with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/brutus-open-source-credential-testing-tool-offensive-security/
Keeper Commander Introduces SuperShell

Feb 12, 2026 4:58 PM

Tags: open-source, programming, software, tool

From today, Keeper Security’s SuperShell, a full-screen Terminal User Interface (TUI) for browsing and managing the Keeper Vault within Keeper Commander, is available to all customers and can be seamlessly integrated into Keeper Commander workflows. Keeper Commander is an open-source Command Line Interface (CLI), scripting tool and Software Development Kit (SDK) for interacting with Keeper.…
1Password open sources a benchmark to stop AI agents from leaking credentials

Feb 12, 2026 3:58 PM

Tags: access, ai, credentials, open-source, phishing

Research has shown that some AI models can identify phishing websites with near-perfect accuracy when asked. When those same models are used as autonomous agents with access … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/1password-security-comprehension-awareness-measure-scam-ai-benchmark/
OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis

Feb 12, 2026 12:59 PM

Tags: ai, attack, cyber, network, open-source, risk, tool

Background In early 2026, OpenClaw (formerly known as Clawdbot and Moltbot), an open-source autonomous AI agent project, quickly attracted global attention. As an automated intelligent application running in the form of a chatbot, it allows users to input natural language commands through Web pages and IM tools (such as Telegram, Slack, Discord, etc.) to achieve…The…
OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis

Feb 12, 2026 12:59 PM

Tags: ai, attack, cyber, network, open-source, risk, tool

Background In early 2026, OpenClaw (formerly known as Clawdbot and Moltbot), an open-source autonomous AI agent project, quickly attracted global attention. As an automated intelligent application running in the form of a chatbot, it allows users to input natural language commands through Web pages and IM tools (such as Telegram, Slack, Discord, etc.) to achieve…The…
OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis

Feb 12, 2026 12:59 PM

Tags: ai, attack, cyber, network, open-source, risk, tool

Background In early 2026, OpenClaw (formerly known as Clawdbot and Moltbot), an open-source autonomous AI agent project, quickly attracted global attention. As an automated intelligent application running in the form of a chatbot, it allows users to input natural language commands through Web pages and IM tools (such as Telegram, Slack, Discord, etc.) to achieve…The…
Zero-Click RCE in Claude Desktop: CVSS-Score von 10/10

Feb 12, 2026 9:58 AM

Tags: bug, cvss, open-source, rce, remote-code-execution, vulnerability

Diesmal gibt es eine Sicherheitslücke in Agenten, und zwar nicht in irgendeinem experimentellen Open-Source-Projekt, sondern in Claude Desktop. Die Sicherheitsfirma LayerX hat eine kritische Zero-Click RCE (Remote Code Execution) Schwachstelle in Claude Desktop Extensions (DXT) entdeckt, die über 10.000 aktive Nutzende betrifft und mit einem CVSS-Score von 10/10 bewertet wurde [1]. Das mag auf den……
What CISOs need to know about the OpenClaw security nightmare

Feb 12, 2026 8:58 AM

Tags: access, ai, api, attack, authentication, china, ciso, computer, control, corporate, credentials, email, endpoint, exploit, firewall, gartner, google, injection, mfa, microsoft, monitoring, network, open-source, openai, radius, risk, skills, startup, supply-chain, tool, vulnerability

OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
OpenClaw Scanner: Open-source tool detects autonomous AI agents

Feb 12, 2026 7:58 AM

Tags: ai, corporate, open-source, tool

A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/openclaw-scanner-open-source-tool-detects-autonomous-ai-agents/
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

Feb 12, 2026 1:58 AM

Tags: ai, cybercrime, microsoft, open-source, service, technology, tool

Pushing falsehoods: A factor driving the recent popularity of recommendation poisoning appears to be the availability of open-source tools that make it easy to hide this function behind website Summarize buttons.This raises the uncomfortable possibility that poisoned buttons aren’t being added as an afterthought by SEO developers who get carried away. More likely, the intention…
Proactive strategies for cyber resilience with Wazuh

Feb 11, 2026 7:58 PM

Tags: cyber, detection, edr, open-source, resilience, siem, strategy, threat

Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proactive-strategies-for-cyber-resilience-with-wazuh/
Claude Opus 4.6 Exposes Hundreds of Open-Source Vulnerabilities

Feb 9, 2026 4:14 PM

Tags: flaw, open-source, vulnerability

Anthropic says Claude Opus 4.6 identified over 500 previously unknown high-severity flaws in widely used open-source libraries. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-opus-4-6-exposes-hundreds-of-open-source-vulnerabilities/
UAE’s TII challenges big tech dominance with open source Falcon AI models

Feb 9, 2026 3:14 PM

Tags: ai, open-source, strategy, technology

Through its Falcon models and an open, efficiency-driven research strategy, the Technology Innovation Institute is positioning the UAE as a producer of foundational AI, not merely a consumer of global platforms First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638759/UAEs-TII-challenges-big-tech-dominance-with-open-source-Falcon-AI-models
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Allama: Open-source AI security automation

Feb 9, 2026 8:14 AM

Tags: ai, automation, detection, open-source, threat

Allama is an open-source security automation platform that lets teams build visual workflows for threat detection and response. It includes integrations with 80+ types of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/allama-open-source-ai-security-automation-platform/
New “Crypto Scanner” Tool Helps Developers Identify Quantum Risks Before Q-Day

Feb 9, 2026 7:13 AM

Tags: computer, cyber, encryption, infrastructure, open-source, risk, tool, vulnerability

With the >>Q-Day<< horizon the point when quantum computers will be capable of breaking standard encryption projected for roughly 2033, the race to secure digital infrastructure is accelerating. To aid in this transition, Quantum Shield Labs has released Crypto Scanner, a new open-source CLI tool designed to inventory and analyse cryptographic vulnerabilities in codebases before they…
New tool blocks imposter attacks disguised as safe commands

Feb 8, 2026 5:14 PM

Tags: attack, open-source, tool

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/
Claude Opus 4.6: KI findet über 500 Zero-Day-Lücken in Open-Source-Software

Feb 8, 2026 2:14 PM

Tags: ai, open-source, software, zero-day

Anthropics neues Sprachmodell Claude Opus 4.6 hat in internen Tests Hunderte bislang unbekannte Sicherheitslücken aufgespürt – ohne spezielles Training. First seen on golem.de Jump to article: www.golem.de/news/claude-opus-4-6-ki-findet-ueber-500-zero-day-luecken-in-open-source-software-2602-205139.html