Tag: open-source
-
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
Security researchers last year wrote about a surge in the use by threat actors of the legitimate XMRig cryptominer, and cybersecurity firm Expel is now outlining the widening number of malicious ways they’re deploying the open-source tool against corporate IT operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/use-of-xmrig-cryptominer-by-threat-actors-expanding-expel/
-
Ni8mare: Kritische n8n-Lücke bedroht 100.000 Server
Tags: access, api, bug, cloud, cve, cvss, cyberattack, google, open-source, rce, remote-code-execution, update, vulnerabilityn8n-Anwender sollten ihre Systeme dringend patchen. Forscher warnen vor einer schwerwiegenden Sicherheitslücke. Forscher des Security-Anbieters Cyera haben eine schwerwiegende Schwachstelle in der Workflow-Automatisierungsplattform n8n entdeckt. Sie ermöglicht es Angreifern, beliebigen Code auszuführen. Auf diese Weise könnten sie die vollständige Kontrolle über die betroffene Umgebung übernehmen, so die Experten. Laut Forschungsbericht sind davon 100.000 Server betroffen.…
-
Product showcase: TrackerControl lets Android users see who’s tracking them
TrackerControl is an open-source Android application designed to give users visibility into and control over the hidden data within mobile apps. Many apps routinely … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/09/product-showcase-trackercontrol-for-android/
-
Free Docker Hardened Images challenge Chainguard
Docker calls out Chainguard by making all its hardened container images available free, while Chainguard expands its support for open source security. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366636656/Free-Docker-Hardened-Images-challenge-Chainguard
-
Inside Vercel’s sleep-deprived race to contain React2Shell
Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate about open-source security coordination. First seen on cyberscoop.com Jump to article: cyberscoop.com/vercel-cto-security-react2shell-vulnerability/
-
The Myth of Linux Invincibility: Why Automated Patch Management is Key to Securing the Open Source Enterprise
Users and developers have hailed Linux as the operating system that >>just works,<< celebrating it for decades as a symbol of open source strength, speed, and security. Linux's architecture and permissions model have long helped maintain cybersecurity resilience, fostering a reputation for near-invincible security. However, without additional layers of security to protect enterprise environments beyond..…
-
The State of Trusted Open Source
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/stackrox-kubernetes-security-platform-open-source/
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Tags: automation, cloud, cve, cvss, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityOpen-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.”Under certain conditions, an authenticated user may be able to cause untrusted code to be…
-
HackerOne ‘ghosted’ me for months over $8,500 bug bounty, says researcher
Long after CVEs issued and open source flaws fixed First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/hackerone_ghosted_researcher/
-
New n8n Vulnerability Allows Attackers to Execute Arbitrary Commands
A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems. The flaw, tracked as CVE-2025-68668, affects all n8n versions from 1.0.0 to 1.999.999 and has a CVSS score of 9.1, indicating severe risk. Attribute Details CVE ID CVE-2025-68668 Vulnerability…
-
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?
Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trustAI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
-
Critical n8n Vulnerability Allows Arbitrary Command Execution (CVE-2025-68668)
A newly disclosed n8n vulnerability has been confirmed to allow authenticated users to execute arbitrary system commands on affected servers. The issue, tracked as CVE-2025-68668, has been assigned a CVSS score of 9.9, placing it firmly in the critical severity range. The flaw impacts the open-source workflow automation platform n8n and affects a broad range of deployed versions. First…
-
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host.The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure.It affects…
-
GHOSTCREW: AI-Powered Red Team Toolkit Integrating Metasploit, Nmap, and More
A new open-source tool is bridging the gap between artificial intelligence and offensive security operations. GHOSTCREW is an advanced AI red team assistant that leverages Large Language Models (LLMs), Model Context Protocol (MCP), and Retrieval-Augmented Generation (RAG) to automate complex penetration testing tasks through simple natural language commands. Unlike standard chatbots that simply provide code snippets,…
-
OpenAEV: Open-source adversarial exposure validation platform
OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns used by security teams. The project focuses on organizing exercises … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/05/openaev-open-source-adversarial-exposure-validation-platform/
-
RondoDox Botnet Exploiting Devices With React2Shell Flaw
The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at Scale. Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rondodox-botnet-exploiting-devices-react2shell-flaw-a-30436
-
NDSS 2025 “¢ Decentralized Infrastructure For Sharing Trusted Encrypted Facts And Nothing More
Session 7C: Secure Protocols Authors, Creators & Presenters: Sofia Celi (Brave Software), Alex Davidson (NOVA LINCS & Universidade NOVA de Lisboa), Hamed Haddadi (Imperial College London & Brave Software), Gonçalo Pestana (Hashmatter), Joe Rowell (Information Security Group, Royal Holloway, University of London) PAPER DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More We…
-
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQL database used to store and manage data…
-
Duplicati: Free, open-source backup client
Duplicati is an open source backup client that creates encrypted, incremental, compressed backup sets and sends them to cloud storage services or remote file servers. What the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/31/duplicati-free-open-source-backup-client/
-
New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed
The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational speed. The most notable technical improvement in Version 1.0 is the complete overhaul of the…
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerabilityA critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wildAn RCE flaw in OpenAI’s Codex CLIVulnerabilities in NVIDIA Triton Inference ServerRCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLangVulnerabilities in open-source compute framework…
-
Superagent: Open-source framework for guardrails around agentic AI
Superagent is an open-source framework for building, running, and controlling AI agents with safety built into the workflow. The project focuses on giving developers and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/29/superagent-framework-guardrails-agentic-ai/
-
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability to scan MongoDB logs for exploitation indicators without requiring network connectivity or additional agents. MongoBleed…
-
Webrat turns GitHub PoCs into a malware trap
The malicious payload and behavior: Beneath the polished README, the attackers dumped a password-protected ZIP linked in the repository. The archive password was hidden in file names, something easily missable by unsuspecting eyes. Inside, the key components include a decoy DLL, a batch file to launch the malware, and the primary executable (like rasmanesc.exe) capable…