Tag: open-source
-
HashiCorp Vault & CyberArk Conjur kompromittiert
Tags: access, api, attack, authentication, cloud, credentials, cve, iam, identity, infrastructure, mfa, open-source, password, remote-code-execution, risk, service, software, tool, usa, vulnerabilitySecrets Management und Remote Code Exceution gehen nicht gut zusammen.In Enterprise-Umgebungen übersteigt die Anzahl nicht-menschlicher Identitäten (wie sie beispielsweise von Anwendungen und Maschinen verwendet werden), die Anzahl menschlicher Identitäten schätzungsweise um das 150-Fache. Damit sind Credential- oder Secrets-Management-Systeme eine kritische Komponente der IT-Infrastruktur. Umso fataler sind die Erkenntnisse, die Sicherheitsexperten des Identity-Spezialisten Cyata bei der…
-
Weg von Windows: Linux auf Business-Desktops und -Notebooks immer beliebter
Der treibende Faktor soll weniger der Wunsch nach Open-Source, sondern die Verbesserung der Sicherheitslage in Unternehmen sein. First seen on golem.de Jump to article: www.golem.de/news/weg-von-windows-linux-auf-business-desktops-und-notebooks-immer-beliebter-2508-198920.html
-
Microsoft promises to eventually make WinUI ‘truly open source’
Developer community skeptical following ‘long silent stagnation’ of the framework and accompanying SDK First seen on theregister.com Jump to article: www.theregister.com/2025/08/05/microsoft_winui_open_source/
-
Researchers uncover RCE attack chains in popular enterprise credential vaults
Tags: access, api, attack, authentication, cloud, credentials, cve, encryption, exploit, flaw, identity, infrastructure, login, malicious, mfa, open-source, password, ransomware, rce, remote-code-execution, risk, service, software, vulnerabilityFrom identity forgery to full RCE: An AWS instance identity typically corresponds to a hostname. But the researchers explored how this could be abused within Conjur’s resource model, which uses three parameters: Account (Conjur account name), Kind (resource type, host, user, variable, policy, etc.), and Identifier (unique resource name). These parameters are also used in…
-
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
Tags: ai, cyber, data, exploit, malicious, malware, open-source, pypi, software, supply-chain, threat, vulnerabilityFortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply chain ecosystems. As development workflows increasingly depend on third-party packages, adversaries are capitalizing on vulnerabilities in platforms like NPM and PyPI to inject malicious code, facilitate data exfiltration, and inflict broader damage. Leveraging proprietary AI-driven…
-
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow cybercriminals to execute cloud account takeover attacks and manipulate financial data systems. The vulnerability, found in Streamlit’s file upload feature, demonstrates how a simple oversight in client-side validation can lead to devastating consequences for organizations…
-
BloodHound 8.0 debuts with major upgrades in attack path management
SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/05/bloodhound-8-0-open-source-attack-path-management-platform/
-
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
Tags: ai, control, exploit, flaw, intelligence, linux, nvidia, open-source, remote-code-execution, windowsA newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers.”When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote…
-
News alert: OpenSSL conference to convene experts on cryptograohy, compliance and open-source
Newark, NJ, Aug. 4, 2025, CyberNewswire”, Early Bird registration is now available for the inaugural OpenSSL Conference, scheduled for October 79, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early registrants… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-openssl-conference-to-convene-experts-on-cryptograohy-compliance-and-open-source/
-
CISA releases Thorium, an open-source, scalable platform for malware analysis
Tags: access, ceo, cio, cisa, compliance, container, control, cyber, cybersecurity, data, docker, framework, github, governance, incident response, kubernetes, malware, open-source, privacy, risk, skills, toolRethinking malware analysis at scale: Enterprise-grade malware analysis tools and platforms have been widely used in the security community. But many of them require paid licenses, lack orchestration at scale, or are difficult to integrate with enterprise workflows. Experts view Thorium as a significant democratization of advanced malware analysis technology.”It is a big deal as…
-
âš¡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
Malware isn’t just trying to hide anymore”, it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just…
-
Plattform für Austausch und Zertifizierungen – Sysdig startet Open Source Community
Tags: open-sourceFirst seen on security-insider.de Jump to article: www.security-insider.de/sysdig-startet-open-source-community-fuer-falco-wireshark-a-57904c1590c15f5de41e55e46d47fe59/
-
Pi-hole Data Breach Exposes Donor Emails Through WordPress Plugin Flaw
A trusted name in open-source privacy software is facing tough questions after a recent data breach exposed donor names and email addresses. Here’s what happened, why it matters, and what you need to know. What Happened? On July 28, 2025, members of the Pi-hole community reported suspicious emails sent to addresses used only for Pi-hole……
-
Open-source password recovery utility Hashcat 7.0.0 released
Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/04/hashcat-open-source-password-recovery-7-0-0-released/
-
Another one bites the dust as KubeSphere kills open source edition
Company blames license violations and infrastructure changes for abrupt move First seen on theregister.com Jump to article: www.theregister.com/2025/08/01/kubesphere_open_source_edition/
-
OpenAI prepares new open weight models along with GPT-5
OpenAI isn’t just working on GPT-5. It looks like OpenAI is also preparing to release new open-source weights, living up to its name, OpenAI.’ First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-new-open-weight-models-along-with-gpt-5/
-
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
-
CISA Releases Free Thorium Malware Analysis Tool
Thorium enhances cybersecurity teams’ defense capabilities by seamlessly integrating commercial, open-source, and custom tools used to analyze malware. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-releases-free-thorium-malware-analysis-tool
-
CloudReport 2025 Das neue Fundament der Cloud-Sicherheit steht auf drei Säulen
Sysdig hat seinen aktuellen Cloud-Defense-Report 2025 veröffentlicht. Der Bericht enthält Erkenntnisse und Prognosen über die entscheidende Rolle von KI, Open-Source und Transparenz durch Runtime-Insights (Laufzeit-Analysen) im Kontext aktueller Cloud-Bedrohungen. Die Datengrundlage stammt aus einer sorgfältigen und methodisch fundierten Analyse von Millionen von Cloud-Konten und Kubernetes-Containern, die Sysdig-Kunden täglich betreiben und sichern. Die repräsentative Stichprobe umfasst…
-
CISA released Thorium platform to support malware and forensic analysis
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform…
-
Open Source: Proton bringt eigene Authenticator-App auf den Markt
Die quelloffene App ermöglicht sichere Log-ins per 2FA, eine verschlüsselte Synchronisation und ist ab sofort für alle gängigen Systeme verfügbar. First seen on golem.de Jump to article: www.golem.de/news/open-source-proton-bringt-eigene-authenticator-app-auf-den-markt-2508-198716.html
-
CISA Releases Thorium: Open-Source Malware and Forensics Tool Now Public
The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensics operations. This announcement marks a major milestone in democratizing advanced cybersecurity tools for organizations worldwide. Partnership with Sandia National Laboratories CISA, in partnership…
-
CISA open-sources Thorium platform for malware, forensic analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-open-sources-thorium-platform-for-malware-forensic-analysis/
-
North Korean hackers target open-source repositories in new espionage campaign
In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threatSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
How CISOs can scale down without compromising security
Tags: breach, business, ciso, compliance, control, cybersecurity, data, detection, finance, framework, gartner, governance, intelligence, jobs, metric, open-source, regulation, resilience, risk, soc, strategy, threat, tool, training, vulnerabilityStrategic risk (high, medium, low): What’s the actual exposure if this control fails?Business alignment: Which functions are enabling revenue, customer trust, or compliance?No-brainers: These are redundant tools, shelfware, or “security theatre” controls that look good on paper but deliver no measurable protection.For this assessment, Mahdi brings together a cross-functional team that includes business unit leaders,…
-
Prepping for the quantum threat requires a phased approach to crypto agility
Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerabilityMissing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
-
Artemis: Open-source modular vulnerability scanner
Artemis is an open-source modular vulnerability scanner that checks different aspects of a website’s security and translates the results into easy-to-understand messages that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/30/artemis-open-source-modular-vulnerability-scanner/