Tag: open-source
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Tags: authentication, exploit, flaw, hacker, open-source, rce, remote-code-execution, tool, vulnerabilityHackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/
-
Why Financial Services Leaders Are Re-Evaluating Open Source for Database Change Management
OSS can be too risky for banks and FinTechs working to meet security, governance, and compliance demands. Know the risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/why-financial-services-leaders-are-re-evaluating-open-source-for-database-change-management/
-
EU waves through open source age-check tool to keep kids safe online
‘Online platforms can rely on our app,’ says Commish, ‘there are no more excuses’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/eu_adopts_open_source_ageverification/
-
Product showcase: SimpleX Chat removes user identifiers from messaging
SimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/product-showcase-simplex-chat-secure-messaging/
-
More fake extensions linked to GlassWorm found in Open VSX code marketplace
Tags: control, marketplace, monitoring, open-source, risk, software, supply-chain, tool, update, vulnerabilityAdvice for developers: Janca said developers who want to reduce their exposure to the GlassWorm campaign should start with the basics: install fewer extensions and treat each one as a dependency with real risk attached. Disable auto-update so you control when updates are applied, and carefully evaluate each one. Use a next-generation SCA tool that covers…
-
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/
-
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…
-
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary system commands on affected servers. With over 21,500 stars on GitHub, LeRobot’s widespread adoption…
-
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Tags: cve, cybersecurity, data, exploit, flaw, github, open-source, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of…
-
Open-source privacy tool BleachBit 6.0.0 upgrades code signing across Windows and Linux
System cleaning utilities have grown more relevant as web browsers stockpile larger volumes of cached data, tracking artifacts, and site storage on local disks. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/bleachbit-6-0-0-open-source-privacy-tool/
-
Open-source privacy tool BleachBit 6.0.0 upgrades code signing across Windows and Linux
System cleaning utilities have grown more relevant as web browsers stockpile larger volumes of cached data, tracking artifacts, and site storage on local disks. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/bleachbit-6-0-0-open-source-privacy-tool/
-
Open-source IPFire DNS Firewall blocks malware and phishing at the resolver
The IPFire project shipped Core Update 201 for its 2.29 release line, bringing DNS-layer domain blocking into the open-source firewall distribution. The update replaces two … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/open-source-ipfire-dns-firewall/
-
Open-source IPFire DNS Firewall blocks malware and phishing at the resolver
The IPFire project shipped Core Update 201 for its 2.29 release line, bringing DNS-layer domain blocking into the open-source firewall distribution. The update replaces two … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/open-source-ipfire-dns-firewall/
-
Artifact Poisoning: A Silent Threat to Enterprise Software Supply Chains
Software supply chains have quietly become one of the most critical and most vulnerable foundations of modern enterprises. Today, applications are no longer monolithic systems built entirely in-house. Instead, they are complex assemblies of open-source libraries, third-party packages, container images, APIs, and pre-built binaries pulled from multiple repositories. This interconnected ecosystem has dramatically improved speed,……
-
Open source package with 1 million monthly downloads stole user credentials
If you’re one of millions using element-data, it’s time to check for compromise. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/
-
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/25-open-source-security-tools/
-
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/26/week-in-review-claude-mythos-finds-271-firefox-flaws-vercel-breach/
-
Flurry of Supply-Chain Software Library Attacks
Continuous Integration Has Its Downsides. As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not only rely on code integrity tools, but also to introduce a delay before merging new repos, since unfolding attacks tend to get spotted in days, if not hours or minutes. First seen on govinfosecurity.com Jump…
-
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.”A server-side…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
Cloudsmith Raises $72M for Software Supply-Chain Security
Recent Package Compromises Pushed Software Component Trust to the Security Agenda. Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts. First seen on govinfosecurity.com Jump to…
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…