Tag: open-source
-
Google patches Gemini CLI tool after prompt injection flaw uncovered
README.md GNU Public License file of the sort that would be part of any open source repo.The researchers then uncovered a combination of smaller weaknesses that could be exploited together to run malicious shell commands without the user’s knowledge. The first weakness is that Gemini CLI sensibly allows users to allowlist frequent commands, for example,…
-
Entwickler-Tool von Amazon verseucht
Tags: access, ai, cloud, cyberattack, cybersecurity, github, governance, hacker, injection, monitoring, open-source, risk, supply-chain, tool, update, vulnerabilityAuch die leistungsstärksten KI-Tools sind kontraproduktiv, wenn sie nicht richtig abgesichert sind. Einem Hacker ist es gelungen, zerstörerische Systembefehle in die Visual-Studio-Code-Extension einzuschleusen, die für den Zugriff auf Amazons KI-gestützten Programmierassistenten Q verwendet wird. Der Angreifer konnte das Entwickler-Tool (mit mehr als 950.000 Installationen) über ein nicht-verifiziertes GitHub-Konto verseuchen: Er reichte Ende Juni 2025 einen…
-
Werkzeug für automatisierte Datensicherung – BorgBackup: Open-Source-Backup mit Deduplizierung
First seen on security-insider.de Jump to article: www.security-insider.de/borgbackup-open-source-backup-mit-deduplizierung-a-0f7815c8de218e0b0b7cba64ccd24cc5/
-
Vulnhuntr: Open-source tool to identify remotely exploitable vulnerabilities
Vulnhuntr is an open-source tool that finds remotely exploitable vulnerabilities. It uses LLMs and static code analysis to trace how data moves through an application, from … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/28/vulnhuntr-open-source-tool-identify-remotely-exploitable-vulnerabilities/
-
Microsoft-owned GitHub: Open source needs funding. Ya think?
‘Industry, national governments, and the EU’ must pay for maintainers. El Reg says charity shouldn’t start at home First seen on theregister.com Jump to article: www.theregister.com/2025/07/24/microsoftowned_github_says_open_source/
-
Intruder Open Sources Tool for Testing API Security
Intruder this week made available an open-source tool that scans application programming interfaces (APIs) for broken authorization vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/intruder-open-sources-tool-for-testing-api-security/
-
Supply-chain attacks on open source software are getting out of hand
Attacks affected packages, including one with ~2.8 million weekly downloads. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/
-
xonPlus Launches Real-Time Breach Alerting Platform For Enterprise Credential Exposure
Chennai, India, July 25th, 2025, CyberNewsWire xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus…
-
Autoswagger: Open-source tool to expose hidden API authorization flaws
Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/24/autoswagger-open-source-tool-expose-hidden-api-authorization-flaws/
-
Cervantes: Open-source, collaborative platform for pentesters and red teams
Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/cervantes-open-source-collaborative-platform-pentesters-red-teams/
-
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.”As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers,” Matthew Suozzo, Google Open Source…
-
New Scanner Launched to Detect CVE-2025-53770 in SharePoint Servers
A cybersecurity researcher has released a new open-source scanner designed to detect a critical vulnerability affecting Microsoft SharePoint servers, providing organizations with a crucial tool to assess their security posture against the recently disclosed CVE-2025-53770 flaw. Rapid Response to Critical SharePoint Vulnerability Belgian cybersecurity freelancer Niels Hofmans, known by the GitHub handle >>hazcod,
-
Intel announces end of Clear Linux OS project, archives GitHub repos
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/
-
Calico: Open-source solution for Kubernetes networking, security, and observability
Calico is an open-source unified platform that brings together networking, security, and observability for Kubernetes, whether you’re running in the cloud, on-premises, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/21/open-source-kubernetes-networking-security-observability/
-
Google Sues BadBox 2.0 Botnet Operators Behind 10 Million+ Infected Devices
Google has initiated legal proceedings against the operators of BadBox 2.0, identified as the largest botnet comprising internet-connected televisions and other devices. This botnet, uncovered through a collaborative effort with cybersecurity firms HUMAN Security and Trend Micro, has infected over 10 million uncertified devices running the Android Open Source Project (AOSP). Unlike certified Android systems…
-
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure.”The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,” First seen…
-
Office-Supportende: Makro-Desaster verhindern
Das Support-Ende für Office 2016 und 2019 naht. Wie steht’s um Ihre Makro-Richtlinien?Das bevorstehende Ende des Lebenszyklus von Windows 10 hält die IT-Teams in Unternehmen derzeit auf Trab. Allerdings stehen weitere wichtige End-of-Life-Termine für Microsoft-Produkte an, die IT- und Security-Teams auf dem Zettel haben sollten.Denn im Oktober endet sowohl der Support für Office 2016 und…
-
Tired of gaps in your security? These open-source tools can help
When it comes to spotting threats, security teams need tools that can pull data from all over and make it easier to analyze. In this article, we’ll take a look at some popular … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/17/open-source-threat-detection-solutions/
-
North Korea Floods npm Registry with Malware
67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform. North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-floods-npm-registry-malware-a-28990
-
Command-Line Editor Vim Hit by Vulnerability Allowing File Overwrites
A critical security vulnerability has been discovered in Vim, the popular open-source command-line text editor, that could allow attackers to overwrite arbitrary files on users’ systems. The vulnerability, designatedCVE-2025-53906, was published on July 15, 2025, and affects all versions of Vim prior to 9.1.1551. The security flaw stems from a path traversal issue within Vim’s…
-
Nearly 3 out of 4 Oracle Java users say they’ve been audited in the past 3 years
Big Red’s changes to Java licensing also inspire exodus to open source First seen on theregister.com Jump to article: www.theregister.com/2025/07/15/oracle_java_users_audited/
-
Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild.The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big…
-
Falco: Open-source cloud-native runtime security tool for Linux
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/falco-open-source-cloud-native-runtime-linux-security-tool/
-
AsyncRAT Spawns Concerning Labyrinth of Forks
Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/async-rat-labyrinth-forks
-
AsyncRAT seeds family of more than 30 remote access trojans
ESET researchers observed tens of thousands of machines infected with AsyncRAT and its variants over the past year. The open-source malware is a popular tool among cybercriminals. First seen on cyberscoop.com Jump to article: cyberscoop.com/asyncrat-malware-variants-eset/
-
AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.”AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a…
-
Wegen KI-Schrott: Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien
Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer Daniel Stenberg zieht nun radikale Maßnahmen in Erwägung. First seen on golem.de Jump to article: www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html
-
AsyncRAT evolves as ESET tracks its most popular malware forks
AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/15/asyncrat-forks-eset-research/
-
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks.The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a…
-
Putting AI-assisted ‘vibe hacking’ to the test
Tags: access, ai, attack, chatgpt, cyber, cybercrime, cybersecurity, data-breach, defense, exploit, hacking, least-privilege, LLM, network, open-source, strategy, threat, tool, vulnerability, zero-trustUnderwhelming results: For each LLM test, the researchers repeated each task prompt five times to account for variability in responses. For exploit development tasks, models that failed the first task were not allowed to progress to the second, more complex one. The team tested 16 open-source models from Hugging Face that claimed to have been…