Tag: open-source
-
Critical Argo CD API Flaw Exposes Repository Credentials to Attackers
A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked as CVE-2025-55190. The…
-
6 Open-Source Vulnerability Scanners That Actually Work
Open-source vulnerability scanners identify security vulnerabilities in apps, networks, and systems. Compare features and functionalities with our guide. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/open-source-vulnerability-scanners/
-
Microsoft open-sources the 6502 BASIC coded by Bill Gates himself
GOTO 1976 First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/microsoft_open_sources_6502_basic/
-
Security vulnerability in Tesla open-source app TeslaMate can expose user data
A security researcher from Turkey with the alias @Sword_Sec has taken a closer look at the open-source app TeslaMate (the app has nothing to do with Tesla itself, but is used by Tesla fans for logging). According to Kılıç's investigation, the sensitive data of … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/03/sicherheitsluecke-bei-tesla-open-source-appteslamate-kann-benutzerdaten-offen-legen/
-
Malicious npm packages use Ethereum blockchain for malware delivery
Tags: attack, blockchain, crypto, github, infrastructure, malicious, malware, open-source, software, supply-chain
colortoolsv2 and mimelib2 that used Ethereum smart contracts for malware delivery in July. But not much effort was put into making those packages look legitimate and attractive for developers to include in their projects, which is usually the goal of supply chain attacks with rogue npm packages. The colortoolsv2 package, and the mimelib2 one that later…
-
Namespace Reuse Vulnerability Exposes AI Platforms to Remote Code Execution
A newly discovered vulnerability in the AI supply chain, termed "Model Namespace Reuse", permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. By re-registering abandoned or deleted model namespaces on Hugging Face, malicious actors can trick pipelines that fetch…
-
Apache DolphinScheduler Vulnerability Patched, Update Immediately
A low-severity security issue in Apache DolphinScheduler has been addressed in the latest release. Identified as CVE-2024-43166 and classified under CWE-276: Incorrect Default Permissions, this vulnerability affects all DolphinScheduler versions prior to 3.2.2. Users are strongly advised to upgrade to version 3.3.1 as soon as possible to mitigate potential risks. Apache DolphinScheduler is an open-source,…
-
Security vulnerability in the open-source shop software <>
A critical security vulnerability has been discovered in the popular open-source shop software (up to and including version 4.60.4) that lets an attacker redeem a gift card multiple times using a technique called "single-packet attack". Carried out correctly, attackers can obtain items for free this way. The vulnerability was identified by security researchers from Outpost24 and concerns the parallel processing of requests on websites that […]…
-
MobSF Vulnerability Allows Attackers to Upload Malicious Files
Tags: application-security, cyber, exploit, flaw, framework, malicious, mobile, open-source, vulnerability
Critical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive data. Two significant vulnerabilities have been identified in the popular Mobile Security Framework (MobSF), a widely-used open-source mobile application security testing platform. The flaws, tracked…
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerability
Free agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable. "Agentic AI systems are goal-driven and capable of making decisions without direct human approval," Joyce says. "When objectives are poorly scoped or ambiguous, agents…
-
8 malicious open-source packages targeting Windows user data
JFrog, the liquid software company, has announced the discovery of eight malicious packages published on npm, one of the world's largest repositories for open-source JavaScript components. The packages, including react-sxt (version 2.4.1), react-typex (version 0.1.0) and react-native-control (version 2.4.1), were uploaded by malicious npm users. They contained highly sophisticated multi-layer obfuscation with more than 70 layers of hidden code, which allowed attackers to…
-
Critical ImageMagick Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in ImageMagick, the widely used open-source image processing software, that could allow attackers to execute arbitrary code remotely. The vulnerability, tracked as CVE-2025-57803 with a severity score of 9.8 out of 10, affects 32-bit builds of ImageMagick versions before 7.1.2-2 and 6.9.13-28. The Vulnerability Details The security flaw stems from a 32-bit…
-
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Tags: attack, cyber, cybersecurity, endpoint, malicious, monitoring, open-source, software, threat, tool
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating…
-
Experts warn of actively exploited FreePBX zero-day
Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0), impacting systems with an internet-facing administrator control panel (ACP). FreePBX is an open-source telephony software platform that provides a web-based graphical…
-
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
Tags: advisory, control, data-breach, exploit, flaw, open-source, service, update, vulnerability, zero-day
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It’s built on…
-
Forensics tool Velociraptor abused for ransomware attack
Criminals abused the open-source forensics tool Velociraptor for a ransomware attack. However, the Counter Threat Unit (CTU) team at Sophos says it was able to stop the attack in time, before major damage occurred. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/velociraptor-ransomware-angriff
-
Attackers abuse forensics tool for ransomware attempt
The Counter Threat Unit (CTU) team at Sophos has foiled a cyberattack in which criminals abused Velociraptor, a normally legitimate open-source program for digital forensics. Instead of using it for security analysis as intended, the perpetrators used the tool to covertly gain access to a corporate network and download further malware. The goal was apparently a ransomware attack. This is how…
-
Sophos Counter Threat Unit foils cyberattack using forensics tool
The Counter Threat Unit™ (CTU) team at Sophos has foiled a cyberattack in which criminals abused the tool "Velociraptor", a normally legitimate open-source program for digital forensics. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-counter-threat-unit-vereitelt-cyberangriff-mit-forensik-tool/a41834/
-
Dispute over digital sovereignty: BSI chief and open source community trade blows
First seen on security-insider.de Jump to article: www.security-insider.de/bsi-praesidentin-plattner-digitale-souveraenitaet-kritik-a-a21ce446fbb2157ce5648a48b77a2d5e/
-
Anthropic detects the inevitable: genAI-only attacks, no humans involved
Tags: ai, attack, business, ciso, control, cybercrime, cybersecurity, defense, dns, infrastructure, injection, intelligence, malicious, malware, open-source, openai, RedTeam, threat, tool, warfare
not find. "There is potentially a lot of this activity we’re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?" Brunkard asked. "Or maybe they haven’t shared because they don’t…
-
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/27/hottest-cybersecurity-open-source-tools-of-the-month-august-2025/
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit…
-
BSI dual strategy for digital sovereignty
BSI President Claudia Plattner: "The more trustworthy products are available, the more sovereignly we can decide and the more secure the digital future becomes." ECB Enabling the secure use of digital products is, in the view of Claudia Plattner, President of the Federal Office for Information Security (BSI), a task of the state. "As Germany's cybersecurity authority, our aim is for people and organizations not…

