Tag: open-source
-
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
A new security analysis has unveiled >>LOLPROX,>Living Off The Land
-
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
A new security analysis has unveiled >>LOLPROX,>Living Off The Land
-
The Bastion: Open-source access control for complex infrastructure
Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/open-source-bastion-host-security/
-
Warning: React2Shell vulnerability already being exploited by threat actors
Tags: ai, application-security, attack, china, cloud, communications, credentials, data, data-breach, exploit, firewall, framework, group, infosec, intelligence, linux, malicious, malware, open-source, service, software, threat, tool, update, vulnerability, wafSystem.Management.Automation.AmsiUtils.amsiInitFailed = true (a standard AMSI bypass), and iex executes the next stage.JFrog’s security research team also today reported finding a working proof of concept that leads to code execution, and they and others have also reported finding fake PoCs containing malicious code on GitHub. “Security teams must verify sources before testing [these PoCs],” warns JFrog.Amitai Cohen, attack…
-
Cyber teams on alert as React2Shell exploitation spreads
Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the driving seat First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636015/Cyber-teams-on-alert-as-React2Shell-exploitation-spreads
-
React Server Vulnerability Is No Cause For Panic: Security Expert
A critical-severity vulnerability impacting the popular React open-source library deserves attention, but is far from the apocalyptic scenario that some in the cybersecurity industry are making it out to be, according to well-known security researcher Kevin Beaumont. First seen on crn.com Jump to article: www.crn.com/news/security/2025/react-server-vulnerability-is-no-cause-for-panic-security-expert
-
Cacti Command Injection Flaw Allows Remote Execution of Malicious Code
A newly disclosed security flaw in the open-source monitoring platform Cacti could allow attackers to execute arbitrary commands on vulnerable servers. The issue, ratedHighseverity and tracked asCVE-2025-66399, affectsCacti versions up to and including 1.2.28. The problem has been fixed inCacti 1.2.29. The vulnerability stems from improper input validation in the SNMP device configuration workflow. When an authenticated…
-
Cacti Command Injection Flaw Allows Remote Execution of Malicious Code
A newly disclosed security flaw in the open-source monitoring platform Cacti could allow attackers to execute arbitrary commands on vulnerable servers. The issue, ratedHighseverity and tracked asCVE-2025-66399, affectsCacti versions up to and including 1.2.28. The problem has been fixed inCacti 1.2.29. The vulnerability stems from improper input validation in the SNMP device configuration workflow. When an authenticated…
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
Admins and defenders gird themselves against maximum-severity server vuln
Open source React executes malicious code with malformed HTML”, no authentication needed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/
-
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerabilityMultiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
-
Admins and defenders gird themselves against maximum-severity server vulnerability
Open source React executes malicious code with malformed HTML”, no authentication needed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/
-
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments. First seen on cyberscoop.com Jump to article: cyberscoop.com/react-server-vulnerability-critical-severity-security-update/
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing
Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threatA sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
-
SmartTube Android TV App Compromised After Signing Keys Leak
SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The incident, disclosed on November 27, 2025, has forced affected users to reinstall the application under a new digital signature…
-
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing
Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threatA sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
-
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
-
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
-
SmartTube YouTube app for Android TV breached to push malicious update
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
-
Microsoft gives Windows admins a legacy migration headache with WINS sunset
Tags: attack, control, cyber, dns, exploit, hacker, infrastructure, malicious, microsoft, network, open-source, penetration-testing, risk, service, technology, tool, vulnerability, windowsWhy WINS is still in use: Organizations still using WINS are likely to fall into one of two categories: those using it to support old technologies with long lifecycles such as operational technology (OT) systems, and those that have simply half-forgotten that they are still using it.”For OT stacks built around WINS/NetBIOS, replacing them isn’t…
-
Linux 6.18 Rolls Out With Major Hardware Support Upgrades and Driver Enhancements
Linus Torvalds has officially released Linux 6.18, the latest stable version of the Linux kernel. The announcement came on Sunday, November 30, 2025, marking another milestone for the open-source operating system that powers everything from smartphones to supercomputers. Torvalds shared the news through the Linux kernel mailing list, noting that while there was more bugfixing…
-
Schwachstellen in Fluent Bit gefährdeten USInstanzen
Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fünf Schwachstellen in dieser Software hätten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/schwachstellen-in-oss-tool-fluent-bit-gefaehrdete-us-cloud-instanzen/
-
KawaiiGPT: A Free WormGPT Clone Using DeepSeek, Gemini, and Kimi-K2 Models
A new open-source tool called KawaiiGPT has surfaced on GitHub, positioning itself as a >>cute>jailbroken>WormGPT kawaii ver,
-
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an
Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windowsDie APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
-
Hottest cybersecurity open-source tools of the month: November 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Heisenberg: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/27/hottest-cybersecurity-open-source-tools-of-the-month-november-2025/