Tag: open-source
-
RIFT: Open-Source Rust Malware Analyzer Released by Microsoft
Tags: cyber, cybercrime, exploit, intelligence, malware, microsoft, open-source, programming, rust, threat, toolAs cybercriminals and nation-state actors increasingly turn to the Rust programming language for malware development, Microsoft’s Threat Intelligence Center has unveiled a powerful new open-source tool called RIFT to help security analysts combat this growing threat. Rust, renowned for its speed, memory safety, and robustness, is now being exploited for its advantages in creating malware…
-
RIFT: New open-source tool from Microsoft helps analyze Rust malware
Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/30/rift-open-source-microsoft-tool-analyze-rust-malware/
-
Cloudflare open-sources Orange Meets with End-to-End encryption
Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-open-sources-orange-meets-with-end-to-end-encryption/
-
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit.The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to…
-
6 key trends redefining the XDR market
Tags: access, ai, apache, attack, cloud, country, crowdstrike, cybersecurity, data, detection, edr, endpoint, framework, identity, incident response, infrastructure, intelligence, marketplace, microsoft, ml, monitoring, msp, mssp, network, office, open-source, ransomware, service, siem, soc, sophos, threat, toolXDR-as-a-service on the rise: A fully staffed SOC is out of reach for many organizations and that’s why the rise of XDR-as-a-service reflects growing demand for managed, scalable security capabilities.”With stretched teams and expanding attack surfaces, many organizations are turning to trusted providers to deliver round-the-clock detection and response,” says Santiago Pontiroli, lead security researcher…
-
Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks
Tags: attack, control, cyber, cybersecurity, flaw, marketplace, open-source, risk, supply-chain, vulnerabilityA newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling…
-
French city of Lyon ditching Microsoft for open source office and collab tools
Ingredients of future software salade Lyonnaise will include Linux, PostgreSQL, and OnlyOffice First seen on theregister.com Jump to article: www.theregister.com/2025/06/26/lyon_leaving_microsoft/
-
Open-source tools leveraged to compromise African financial sector
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-tools-leveraged-to-compromise-african-financial-sector
-
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access.Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where “CL” refers to “cluster” and “CRI” stands for “criminal…
-
Google’s Gemini CLI brings open-source AI agents to developers
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/26/google-gemini-cli-open-source-ai-agents/
-
Kanister: Open-source data protection workflow management tool
Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/26/kanister-open-source-data-protection-workflow-management-tool/
-
Hackers Use Open-Source Offensive Cyber Tools to Attack Financial Businesses in Africa
The threat actor used a combination of open-source and publicly available tools to establish their attack framework First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-financial-businesses-africa/
-
NVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious Code
NVIDIA has issued an urgent security update for its open-source Megatron-LM framework, following the discovery of two critical vulnerabilities that could allow attackers to inject and execute malicious code on affected systems. The flaws, tracked as CVE-2025-23264 and CVE-2025-23265, impact all platforms running Megatron-LM versions prior to 0.12.0 and have prompted a swift response from…
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication
In a landmark move for the artificial intelligence industry, Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, marking a significant step toward open, secure, and interoperable communication between AI agents. The announcement was made at the Open Source Summit North America, where the Linux Foundation unveiled the formation of the Agent2Agent…
-
Reconmap: Open-source vulnerability assessment, pentesting management platform
Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/24/reconmap-open-source-vulnerability-assessment-pentesting-management-platform/
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages
A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. This flaw stems from duplicated encryption keys and insufficient randomness during key generation. The issue affects multiple hardware platforms and poses significant risks to users relying on Meshtastic for secure off-grid communication…
-
Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal
Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software that could allow attackers to execute remote code through path traversal exploits. As detailed on the official Mattermost Security Updates page, these flaws have been identified through rigorous security reviews and penetration testing conducted by global security research communities, deploying organizations,…
-
Tonic Validate is now available on GitHub Marketplace!
Tonic Validate, our free, open-source library for evaluating RAG and LLM-based applications, can be run entirely as a GitHub Action. And it’s now available for quick deployment on GitHub Marketplace! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/tonic-validate-is-now-available-on-github-marketplace/
-
Tonic Validate is now on GitHub Marketplace! (Part 2)
Tonic Validate is a free, open-source library for evaluating RAG and LLM based applications. We recently announced a new listing on GitHub Marketplace that provides a GitHub Actions template to run Tonic Validate against code changes on every commit. Today, we’re following up with an additional listing that allows you to establish integration tests each…
-
LinuxFest Northwest: The Geology of Open Source
Author/Presenter: Hazel Weakly (Nivenly Foundation; Director, Haskell Foundation; Infrastructure Witch of Hachyderm) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via…
-
Malicious AI Agent in LangSmith May Have Exposed API Data
High-Severity Flaw in LangChain’s AI Tooling Hub Now Patched. A flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents. First seen on govinfosecurity.com Jump…
-
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
The campaign had a tell: ReversingLabs observed a few telling signs about the repositories that can help catch the infection at its source. “For the majority of the malicious repositories, the owner only has that (the malicious one) one repository listed under its GitHub account,” Simmons said. “This indicates that these kinds of user accounts…
-
Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign represents a shift toward stealthier and more sophisticated tactics in open-source exploitation. Sophisticated Supply Chain…
-
Den Cloud Stack mit Open Source absichern – 9 Open-SourceSicherheitstools
First seen on security-insider.de Jump to article: www.security-insider.de/open-source-cloud-sicherheitstools-2025-a-a1bf3067075bf67000070982f96173f8/