Tag: open-source
-
Open-source security group pulls out of U.S. grant, citing DEI restrictions
The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
-
Open-source security group pulls out of U.S. grant, citing DEI restrictions
The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
-
Open Source “b3” Benchmark to Boost LLM Security for Agents
The backbone breaker benchmark (b3) has been launched to enhance the security of LLMs within AI agents First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/open-source-b3-benchmark-security/
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Ultimate Guide to Open Source Security: Risks, Attacks Defenses
Explore top risks and proven open source security strategies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/ultimate-guide-to-open-source-security-risks-attacks-defenses/
-
Proximity: Open-source MCP security scanner
Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/29/proximity-open-source-mcp-security-scanner/
-
A Major Leap Forward: FireTail Unveils New UI and Expansive AI Model Support to Secure Enable Enterprise AI Adoption FireTail Blog
Tags: access, ai, api, cloud, compliance, control, data, governance, incident response, intelligence, open-source, risk, service, tool, updateOct 28, 2025 – Alan Fagan – In the world of artificial intelligence, speed is the new security challenge. AI adoption is accelerating at an unprecedented rate, bringing transformative capabilities, and new risks, to the enterprise. As organizations race to leverage complex models from various providers, securing these fast-moving, multi-cloud environments is paramount.Today, we are…
-
A Major Leap Forward: FireTail Unveils New UI and Expansive AI Model Support to Secure Enable Enterprise AI Adoption FireTail Blog
Tags: access, ai, api, cloud, compliance, control, data, governance, incident response, intelligence, open-source, risk, service, tool, updateOct 28, 2025 – Alan Fagan – In the world of artificial intelligence, speed is the new security challenge. AI adoption is accelerating at an unprecedented rate, bringing transformative capabilities, and new risks, to the enterprise. As organizations race to leverage complex models from various providers, securing these fast-moving, multi-cloud environments is paramount.Today, we are…
-
IPFire 2.29 Released with Enhanced Intrusion Prevention System Reporting
The IPFire project has announced the release of version 2.29, Core Update 198, marking a significant milestone in the open-source firewall’s evolution. This update introduces transformative improvements to the Intrusion Prevention System, coupled with comprehensive reporting capabilities that fundamentally change how network administrators monitor and respond to security threats. New Features and Enhancements Real-Time Email…
-
IPFire 2.29 Released with Enhanced Intrusion Prevention System Reporting
The IPFire project has announced the release of version 2.29, Core Update 198, marking a significant milestone in the open-source firewall’s evolution. This update introduces transformative improvements to the Intrusion Prevention System, coupled with comprehensive reporting capabilities that fundamentally change how network administrators monitor and respond to security threats. New Features and Enhancements Real-Time Email…
-
Open-Source-Tools für Container-Sicherheit – Clair, Syft, Grype und Docker Bench for Security im Praxiseinsatz
First seen on security-insider.de Jump to article: www.security-insider.de/clair-syft-grype-docker-bench-for-security-a-e624fd62645e1e07ac400a91e41fbc8b/
-
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
-
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
-
Dependency-Track: Open-source component analysis platform
Software is a patchwork of third-party components, and keeping tabs on what’s running under the hood has become a challenge. The open-source platform Dependency-Track tackles … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/27/dependency-track-open-source-component-analysis-platform/
-
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
Tags: adobe, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, open-source, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below the list of flaws added to the…
-
Heisenberg: How We Learned to Stop Worrying and Love the SBOM
Turn SBOMs into supply chain defense with Heisenberg, an open source tool developed by Max Feldman and Yevhen Grinman. It stops risky pull requests (PRs) before they merge. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/heisenberg-how-we-learned-to-stop-worrying-and-love-the-sbom/
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
New PDF Tool Detects Malicious Files Using PDF Object Hashing
Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used by threat actors in phishing campaigns, malware distribution, and business email compromise attacks. PDFs have…
-
Souverän in der Cloud: Adfinis und enclaive sichern die Software Supply Chain
Adfinis, ein international agierender IT-Dienstleister für Open-Source-Lösungen, und das deutsche Confidential-Computing-Unternehmen enclaive geben ihre neue Partnerschaft bekannt. Die Kooperation kombiniert moderne Verschlüsselungstechnologien mit einem durchgängigen IT-Lifecycle-Ansatz und stärkt die Sicherheit und Souveränität in Cloud-Umgebungen. Cyberattacken zielen immer häufiger auf die Software-Lieferkette: Angreifer schleusen Backdoors, Malware oder Schwachstellen in Open-Source-Komponenten ein, um sich später Zugang… First…
-
Souverän in der Cloud: Adfinis und enclaive sichern die Software Supply Chain
Adfinis, ein international agierender IT-Dienstleister für Open-Source-Lösungen, und das deutsche Confidential-Computing-Unternehmen enclaive geben ihre neue Partnerschaft bekannt. Die Kooperation kombiniert moderne Verschlüsselungstechnologien mit einem durchgängigen IT-Lifecycle-Ansatz und stärkt die Sicherheit und Souveränität in Cloud-Umgebungen. Cyberattacken zielen immer häufiger auf die Software-Lieferkette: Angreifer schleusen Backdoors, Malware oder Schwachstellen in Open-Source-Komponenten ein, um sich später Zugang… First…
-
Wireshark 4.6.0 brings major updates for packet analysis and decryption
If you’ve ever used Wireshark to dig into network traffic you know how vital even small upgrades can be. With version 4.6.0 the team behind the open-source network protocol … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/wireshark-4-6-0-released/
-
Wireshark 4.6.0 brings major updates for packet analysis and decryption
If you’ve ever used Wireshark to dig into network traffic you know how vital even small upgrades can be. With version 4.6.0 the team behind the open-source network protocol … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/wireshark-4-6-0-released/
-
Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)
Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/
-
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw…
-
Beware of the Risk of Open-Source License Changes
It is not uncommon for open source licenses to change. When licenses change, users often need to re-evaluate compliance risks. Take Redis as an example. Redis is a popular key-value store whose open source license has undergone changes from BSD to SSPL and then to AGPL, which has caused widespread discussion and controversy in the…The…
-
Beware of the Risk of Open-Source License Changes
It is not uncommon for open source licenses to change. When licenses change, users often need to re-evaluate compliance risks. Take Redis as an example. Redis is a popular key-value store whose open source license has undergone changes from BSD to SSPL and then to AGPL, which has caused widespread discussion and controversy in the…The…
-
CAASM and EASM: Top 12 attack surface discovery and management tools
Tags: access, ai, api, attack, automation, blockchain, business, cloud, control, corporate, credentials, cyber, cybersecurity, dark-web, data, data-breach, detection, dns, endpoint, exploit, framework, guide, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, leak, marketplace, microsoft, monitoring, network, open-source, PCI, risk, risk-assessment, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityCAASM and EASM tools for attack surface discovery and management: Periodic scans of the network are no longer sufficient for maintaining a hardened attack surface. Continuous monitoring for new assets and configuration drift are critical to ensure the security of corporate resources and customer data.New assets need to be identified and incorporated into the monitoring…
-
OpenFGA: The open-source engine redefining access control
OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/22/openfga-open-source-access-control/