Tag: open-source
-
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/08/week-in-review-notepad-supply-chain-attack-details-and-targets-patch-tuesday-forecast/
-
Bug Hunting With LLMs: Expert Tool Seeks More ‘True’ Flaws
Open Source ‘Vulnhalla’ Promises ‘Up to 96% Reduction in False Positives’. Using large language models to automatically identify only real code vulnerabilities – not false positives – remains a holy grail. Eschewing a moonshot approach, a tool called Vulnhalla helps senior researchers use guided questioning with LLMs to more rapidly triage actual vulnerabilities. First seen…
-
Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing
Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems. Written in Rust and published under the MIT license, LiteBox reflects the company’s efforts to upgrade software security as confidential computing gains adoption. LiteBox takes a different path from traditional virtualization or container technologies. Rather..…
-
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between the organization’s cybersecurity needs and lists like CISA’s KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
-
Claude Opus 4.6 Launches Enhanced Security Capabilities to Validate 500+ Critical Vulnerabilities
Anthropic has released Claude Opus 4.6, marking a significant leap in the defensive application of artificial intelligence. Released yesterday, the model has already identified and validated over 500 high-severity >>zero-day<< vulnerabilities in open-source software. This development signals a major shift in cybersecurity, moving beyond traditional brute-force testing to intelligent, reason-based analysis that mimics human security…
-
Digitale Souveränität: Wie Deutschland sich von US-Software löst
Nach Rekordbeteiligung an der EU-Konsultation treibt der Bund Open Source und souveräne Clouds voran – der Weg ist lang. First seen on golem.de Jump to article: www.golem.de/news/digitale-souveraenitaet-wie-deutschland-sich-von-us-software-loest-2602-205092.html
-
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along First seen…
-
OpenClaw AI Agent Sparks Global Security Alarm
Open-Source Tool Security ‘Dumpster Fire,’ Experts Warn. An open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called skills that connect assistants with different services – and hackers have been quick to add malicious examples. First seen on…
-
Microsoft develops a new scanner to detect hidden backdoors in LLMs
Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
-
Microsoft launches LiteBox, a security-focused open-source library OS
Microsoft has released LiteBox, a project intended to function as a security-focused library OS that can serve as a secure kernel for protecting a guest kernel using … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/microsoft-litebox-security-focused-open-source-library-os/
-
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/
-
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
-
Critical Django Flaw Allows DoS and SQL Injection Attacks
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
-
Global Threat Map: Open-source real-time situational awareness platform
Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/
-
Sicherheitsexperten warnen: Open-Source-KI könnte zu gravierendem Security-Problem werden
First seen on t3n.de Jump to article: t3n.de/news/sicherheitsexperten-warnen-open-source-ki-gravierendes-security-problem-1727710/
-
The ‘Invisible Risk’: 1.5 Million Unmonitored AI Agents Threaten Corporate Security
A massive >>invisible workforce<< of autonomous digital workers has arrived in the corporate world, but new research suggests it may be operating largely out of control. Large enterprises across the U.S. and UK have already deployed 3 million AI agents, according to a study released by Gravitee, an open-source leader in API and agentic management……
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windowsHacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
ChatGPT hat die Welt verändert, OpenClaw krempelt sie um
Zurzeit überschlagen sich die Einschätzungen und News zum neuen KI-Agenten OpenClaw/Moltbot. Nash Borges, Vice President of Engineering and Data Science bei Sophos hat sich den Bot näher angesehen und hat eine dedizierte Meinung zum neuen KI-Supertool: Wer hätte gedacht, dass wir nur ein Open-Source-Projekt vom bedeutendsten Paradigmenwechsel in der künstlichen Intelligenz (KI) seit ChatGPT entfernt…
-
Sandisk brings SPRandom to open source for large SSD testing
Tags: open-sourceEnterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/sprandom-open-source-ssd-testing/
-
Open-Source-Alternative zu WSUS für Windows, Linux und macOS – Nach dem WSUS-Ende wird OPSI zur kostenlosen Alternative
First seen on security-insider.de Jump to article: www.security-insider.de/opsi-wsus-alternative-open-source-a-d6d2a3f7544135385bfbec3a62fe7bae/
-
Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions
Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the flaw, which affects multiple versions of…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Open-source attacks move through normal development workflows
Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/
-
Product showcase: 2FAS Auth Free, open-source 2FA for iOS
Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/product-showcase-2fas-auth-free-open-source-2fa-ios/
-
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.The development comes shortly First seen…
-
Over 21,000 OpenClaw AI Instances Leak Personal Configuration Data
The open-source AI assistant OpenClaw experienced explosive growth, expanding from approximately 1,000 active instances to over 21,000 in just seven days. Created by Austrian developer Peter Steinberger, the personal AI assistant integrates with email, calendars, smart-home systems, and food-delivery services, enabling it to perform actions far beyond those of traditional chatbots. The project’s rapid evolution…
-
Fosdem 2026: Wo das Herz der freien Welt schlägt
Tags: open-sourceDie Open-Source-Konferenz der Superlative wird politischer. Denn: Wenn die Demokratie verschwinde, verschwinde auch Open Source. First seen on golem.de Jump to article: www.golem.de/news/fosdem-2026-wo-das-herz-der-freien-welt-schlaegt-2602-204902.html
-
AutoPentestX Introduced as Automated Penetration Testing Toolkit for Linux Systems
AutoPentestX, an open-source automated penetration testing framework designed to streamline vulnerability assessment and security testing workflows on Linux systems. The toolkit consolidates multiple security testing capabilities into a unified platform for ethical hacking and security auditing operations. Developed by security researcher Gowtham-Darkseid, AutoPentestX automates the execution of common penetration testing procedures through modular architecture and…