Tag: open-source
-
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/
-
Shai-Hulud-Angriff: Schwachstellen in der Open-Source-Sicherheit
Open Source bildet das Fundament der digitalen Welt, doch aktuelle Ereignisse zeigen, wie anfällig die Lieferkette ist. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shai-hulud-angriff-schwachstellen-open-source
-
Shai-Hulud-Angriff: Schwachstellen in der Open-Source-Sicherheit
Open Source bildet das Fundament der digitalen Welt, doch aktuelle Ereignisse zeigen, wie anfällig die Lieferkette ist. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shai-hulud-angriff-schwachstellen-open-source
-
Shai-Hulud-Angriff: Schwachstellen in der Open-Source-Sicherheit
Open Source bildet das Fundament der digitalen Welt, doch aktuelle Ereignisse zeigen, wie anfällig die Lieferkette ist. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shai-hulud-angriff-schwachstellen-open-source
-
Delinea releases free open-source MCP server to secure AI agents
AI agents are becoming more common in the workplace, but giving them access to sensitive systems can be risky. Credentials often get stored in plain text, added to prompts, or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/26/delinea-free-open-source-mcp-server/
-
How GitHub Is Securing the Software Supply Chain
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain. The post How GitHub Is Securing the Software Supply Chain appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-security-npm-supply-chain/
-
JFrog entdeckt Shai-Hulud-Angriff: 164 kompromittierte npm-Pakete
Der Shai-Hulud-Angriff ist kein isoliertes Ereignis. Er ist Teil eines Musters, bei dem Angreifer die Diskrepanz zwischen der zentralen Bedeutung von Open-Source-Software und den begrenzten Ressourcen ihrer Maintainer ausnutzen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-entdeckt-shai-hulud-angriff-164-kompromittierte-npm-pakete/a42139/
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards.”These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…
-
Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/24/nosey-parker-open-source-tool/
-
Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/24/nosey-parker-open-source-tool/
-
Wormable Malware Triggers GitHub’s Push for Stronger npm Security
GitHub is tightening npm publishing rules after a wormable malware attack exposed weaknesses in the open source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wormable-malware-triggers-githubs-push-for-stronger-npm-security/
-
OpenSSF warns that open source infrastructure doesn’t run on thoughts and prayers
Foundations say billions of downloads rely on registries running on fumes and someone’s gotta pay the bills First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/openssf_open_source_infrastructure/
-
GitHub Introduces npm Security with Stronger Authentication and Trusted Publishing
Open source software powers much of today’s technology, enabling developers around the world to build and share tools, libraries, and applications. However, the same openness that drives innovation also presents serious security challenges. Attackers regularly target package registries like npm to compromise accounts and inject malicious code. In response, GitHub has announced significant updates to…
-
TDL 005 – A Defender’s Journey: From Passion Project to Protecting Children Online
Tags: access, business, control, corporate, country, cyber, cybersecurity, data-breach, defense, dns, encryption, endpoint, finance, github, government, group, guide, identity, Internet, jobs, microsoft, network, open-source, privacy, risk, service, technology, tool, zero-trustSummary A Defender’s Journey: From Passion Project to Protecting Children Online In a recent episode of “The Defender’s Log,” host David Redekop sat down with cybersecurity expert Will Earp to discuss his unconventional path into the industry and his current mission-driven career. Earp, a self-proclaimed “tinkerer” from a young age, shared how his early fascination…
-
Cybersecurity AI (CAI): Open-source framework for AI security
Cybersecurity AI (CAI) is an open-source framework that helps security teams build and run AI-driven tools for offensive and defensive tasks. It’s designed for anyone working … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/cybersecurity-ai-cai-open-source-framework-ai-security/
-
Neue Hacker-Gruppe Yurei nutzt Open-Source-Code für Angriffe
Eine neue Ransomware-Gruppe namens Yurei japanisch für “rastlose Geister” hat binnen weniger Tage Unternehmen in Sri Lanka, Indien und Nigeria angegriffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-hacker-gruppe-yurei
-
Neue Ransomware-Gruppe Yurei: Open-Source-Code erleichtert weltweite Angriffe
Check Point Software Technologies warnt vor einer neuen Ransomware-Bedrohung namens Yurei, ein Begriff aus der japanischen Folklore für rastlose Geister. Check Point Research hat die Gruppe am 5. September 2025 erstmals entdeckt. Bereits in der ersten Woche konnte Yurei drei Unternehmen auf seiner Leak-Seite im Darknet aufführen: Sri Lanka: Ein Lebensmittelhersteller wurde als erstes Opfer kompromittiert.…
-
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security
The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/new-wave-of-self-replicating-npm-malware-exposes-critical-gaps-in-software-supply-chain-security/
-
Where CISOs need to see Splunk go next
Tags: ai, api, automation, cisco, ciso, cloud, communications, compliance, conference, crowdstrike, cybersecurity, data, data-breach, detection, finance, framework, google, incident response, intelligence, jobs, metric, microsoft, open-source, RedTeam, resilience, risk, router, siem, soar, strategy, tactics, threat, tool, vulnerabilityResilience resides at the confluence of security and observability: There was also a clear message around resilience, the ability to maintain availability and recover quickly from any IT or security event.From a Cisco/Splunk perspective, this means a more tightly coupled relationship between security and observability.I’m reminded of a chat I had with the chief risk…
-
Open-Source Tool Greenshot Hit by Severe Code Execution Vulnerability
A security vulnerability has been discovered in Greenshot, the widely used open-source screenshot tool for Windows. The Greenshot vulnerability exposes to the risk of arbitrary code execution, potentially allowing attackers to bypass established security protocols and launch further malicious activities. A proof-of-concept (PoC) exploit has already been released, drawing attention to the critical nature of…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
DEF CON 33: Dreadwware Interviews Jordan Kasper On Open Source In Government
Creators, Authors and Presenters: Dreadwware & Jordan Kasper Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/def-con-33-dreadwware-interviews-jordan-kasper-on-open-source-in-government/
-
Open Source: Drei von vier Unternehmen in Deutschland bereits Nutzer
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/open-source-75-prozent-unternehmen-deutschland-nutzer
-
How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381
Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed. In this blog, we explain in detail how we discovered this patch bypass in this widely used open source tool. The vulnerability is now fully patched. Key takeaways Tenable Research discovered that the initial patch for a high-severity…
-
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
ReversingLabs discovers >>Shai-hulud,
-
Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these flaws carry a maximum CVSS 3.1 score of 9.8, enabling any pod in the cluster to run arbitrary commands or inject…
-
Hackers Exploit AdaptixC2, an Emerging Open-Source C2 Tool
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar”, until Unit 42 documented its deployment by real-world threat actors. This article examines AdaptixC2’s capabilities, recent infection scenarios, and guidance for defenders to anticipate and…
-
5 steps for deploying agentic AI red teaming
Tags: access, ai, application-security, attack, automation, blizzard, business, cloud, control, data, defense, exploit, framework, gartner, governance, infrastructure, malicious, open-source, RedTeam, risk, risk-assessment, service, software, threat, tool, zero-trustFive steps to take towards implementing agentic red teaming: 1. Change your attitude Perhaps the biggest challenge for agentic red teaming is adjusting your perspective in how to defend your enterprise. “The days where database admins had full access to all data are over,” says Suer. “We need to have a fresh attitude towards data…