Tag: open-source
-
Happy Birthday Linux! 34 Years of Open-Source Power
August 25, 2025, marks the 34th anniversary of Linux, a project that began as a modest hobby and has grown into the bedrock of modern digital infrastructure. On this day in 1991, 21-year-old Finnish student Linus Torvalds posted to the comp.os.minix newsgroup: “I’m doing a (free) operating system (just a hobby, won’t be big and…
-
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/kopia-open-source-encrypted-backup-tool-windows-macos-linux/
-
Open Source AppLocker Policy Generator
Noch ein kleiner Fund aus dem Internet, der für Administratoren hilfreich sein kann, die mit AppLocker in Unternehmensumgebungen arbeiten, um Anwendungsrestriktionen zu setzen. Der AppLocker Policy Generator verspricht Systemadministratoren und Sicherheitsexperten bei der Erstellung und Verwaltung von AppLocker-Richtlinien zu unterstützen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/24/applocker-policy-generator/
-
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell.The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up.”The payload isn’t hidden inside the file content or a…
-
DARPA: Closing the Open Source Security Gap With AI
DARPA’s Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/darpa-closing-open-source-security-gap-ai
-
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI.…
-
ASPM buyer’s guide: 7 products to help secure your applications
Tags: access, ai, api, application-security, attack, business, ceo, cloud, compliance, container, crowdstrike, data, detection, endpoint, exploit, gartner, google, guide, iam, identity, infrastructure, ivanti, marketplace, microsoft, monitoring, okta, open-source, oracle, programming, risk, software, supply-chain, threat, tool, vulnerability, vulnerability-managementProtect the software development lifecycle (SDLC) and supply chain pipelinesAutomate software testingIntegrate with various applications to mitigate and remove various risksFeatures offered by ASPMs vary widely. As a result, tools can prove difficult to evaluate in terms of exactly what is being protected, what data and metadata is being collected to inform security judgments, and…
-
LudusHound: Open-source tool brings BloodHound data to life
LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/ludushound-open-source-tool-bloodhound-data/
-
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/okta-open-sources-catalog-of-auth0-rules-for-threat-detection/
-
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
Tags: attack, backdoor, chatgpt, cve, cyber, exploit, malware, open-source, ransomware, threat, vulnerability, windowsThe PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates targeted attacks by exploiting CVE-2025-29824, an elevation-of-privilege vulnerability in the Windows Common Log File System…
-
DARPA AI Cyber Challenge Winners Impress With Quick, Scalable Patching
Winners of DARPA’s AI Cyber Challenge proved AI can automate patching at scale. Their tools will go open source, offering defenders new power”, but also raising concerns about AI-fueled exploits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/darpa-ai-cyber-challenge-winners-impress-with-quick-scalable-patching/
-
Hundreds of TeslaMate Servers Expose Real-Time Vehicle Data
A security researcher has discovered that hundreds of self-hosted TeslaMate servers are exposing sensitive Tesla vehicle data to the public internet without any authentication, revealing real-time location tracking, charging patterns, and driving habits of unsuspecting owners. TeslaMate is a popular open-source data logger that connects to Tesla’s official API to collect detailed vehicle telemetry including…
-
Agentic AI promises a cybersecurity revolution, with asterisks
Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerabilityTrust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.”If you want to remove or give agency to a platform…
-
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/buttercup-ai-vulnerability-scanner-open-source/
-
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/buttercup-ai-vulnerability-scanner-open-source/
-
Popular AI Systems Still a WorkProgress for Security
According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/popular-ai-systems-still-work-in-progress-security
-
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts using stolen credentials from data breaches. It supports both website and mobile application targets and has become a staple in the fraud ecosystem due to its flexibility, extensibility, and active First seen on securityboulevard.com Jump…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/utilities-factories-encryption-holes-industrial-protocol
-
SSHamble: New Open-Source Tool Targets SSH Protocol Flaws
Security researchers have unveiled SSHamble, a powerful new open-source tool designed to identify vulnerabilities and misconfigurations in SSH implementations across networks. Developed by HD Moore and Rob King, the tool represents a significant advancement in SSH security testing capabilities, addressing critical gaps in how organizations assess their secure shell infrastructure. SSH (Secure Shell) has become…
-
A Special Diamond Is the Key to a Fully Open Source Quantum Sensor
Tags: open-sourceQuantum sensors can be used in medical technologies, navigation systems, and more, but they’re too expensive for most people. That’s where the Uncut Gem open source project comes in. First seen on wired.com Jump to article: www.wired.com/story/fully-open-source-quantum-sensor-uncut-gem/
-
DARPA’s AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching
The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part, putting the systems to the test in the real world. First seen on cyberscoop.com Jump to article: cyberscoop.com/darpa-ai-cyber-challenge-winners-def-con-2025/
-
BSidesSF 2025: Using AI To Discover Silently Patched Vulnerabilities In Open Source
Creator/Author/Presenter: Mackenzie Jackson Our deep appreciation to Security BSides – San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube channel. Additionally, the organization is welcoming…
-
HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks
Tags: attack, authentication, cve, cyber, flaw, open-source, remote-code-execution, vulnerability, zero-dayResearchers at Cyata have disclosed nine previously unknown zero-day vulnerabilities in HashiCorp Vault, a widely adopted open-source secrets management platform, enabling attackers to bypass authentication, escalate privileges, and achieve remote code execution (RCE). These flaws, assigned CVEs through responsible disclosure and patched in collaboration with HashiCorp, stem from subtle logic errors in core components like…
-
Securing the AI Era: Sonatype Safeguards Open Source Software Supply Chains
Open source drives modern software”, but with innovation comes risk. Learn how Sonatype secures the software supply chain to enable safer, faster delivery. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/securing-the-ai-era-sonatype-safeguards-open-source-software-supply-chains/
-
HashiCorp Vault & CyberArk Conjur kompromittiert
Tags: access, api, attack, authentication, cloud, credentials, cve, iam, identity, infrastructure, mfa, open-source, password, remote-code-execution, risk, service, software, tool, usa, vulnerabilitySecrets Management und Remote Code Exceution gehen nicht gut zusammen.In Enterprise-Umgebungen übersteigt die Anzahl nicht-menschlicher Identitäten (wie sie beispielsweise von Anwendungen und Maschinen verwendet werden), die Anzahl menschlicher Identitäten schätzungsweise um das 150-Fache. Damit sind Credential- oder Secrets-Management-Systeme eine kritische Komponente der IT-Infrastruktur. Umso fataler sind die Erkenntnisse, die Sicherheitsexperten des Identity-Spezialisten Cyata bei der…
-
HashiCorp Vault & CyberArk Conjur kompromittiert
Tags: access, api, attack, authentication, cloud, credentials, cve, iam, identity, infrastructure, mfa, open-source, password, remote-code-execution, risk, service, software, tool, usa, vulnerabilitySecrets Management und Remote Code Exceution gehen nicht gut zusammen.In Enterprise-Umgebungen übersteigt die Anzahl nicht-menschlicher Identitäten (wie sie beispielsweise von Anwendungen und Maschinen verwendet werden), die Anzahl menschlicher Identitäten schätzungsweise um das 150-Fache. Damit sind Credential- oder Secrets-Management-Systeme eine kritische Komponente der IT-Infrastruktur. Umso fataler sind die Erkenntnisse, die Sicherheitsexperten des Identity-Spezialisten Cyata bei der…