Tag: open-source
-
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads.According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through First…
-
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads.According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through First…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, monitoring, open-source, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an open-source platform for monitoring and observability. This flaw is a directory traversal vulnerability affecting versions…
-
Nagios: Open-source monitoring solution
Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/10/nagios-open-source-monitoring-solution/
-
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/09/velociraptor-nezha-attackers-misuse/
-
Threat Actors Exploit DFIR Tool Velociraptor in Ransomware Attacks
Tags: access, attack, cisco, cyber, exploit, incident response, open-source, ransomware, software, threat, toolCisco Talos has confirmed that ransomware operators are now leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool, to gain stealthy, persistent access and deploy multiple ransomware variants against enterprise environments. This marks the first definitive linkage between Velociraptor and ransomware operations, underscoring a shift in how threat actors incorporate legitimate security software…
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
IT Aktuelle Ransomware-Bedrohung ‘Yurei” ist ein Open-Source-Projekt
First seen on security-insider.de Jump to article: www.security-insider.de/aktuelle-ransomware-bedrohung-yurei-ist-ein-open-source-projekt-a-eaebffe977f73819da9c0911db446738/
-
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log…
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windowsRiding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution.Once Nezha was active,…
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…
-
DefectDojo: Open-source DevSecOps platform
DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/08/defectdojo-open-source-devsecops-platform/
-
DefectDojo: Open-source DevSecOps platform
DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/08/defectdojo-open-source-devsecops-platform/
-
FreePBX SQL Injection Vulnerability Leads to Database Tampering
A critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on vulnerable systems. The vulnerability affects the popular open-source PBX platform that provides a web-based administration interface for managing Asterisk VoIP systems across all supported versions including FreePBX 15, 16, and…
-
Google DeepMind launches an AI agent to fix code vulnerabilities automatically
Reactive and proactive security: The tool takes both reactive and proactive approaches to code security, Google DeepMind said. Reactively, it instantly patches new vulnerabilities. Proactively, it rewrites and secures existing code to eliminate entire classes of vulnerabilities.In one proactive example, Google DeepMind deployed CodeMender to apply -fbounds-safety annotations to parts of libwebp, a widely used…
-
The role of Artificial Intelligence in today’s cybersecurity landscape
AI is transforming cybersecurity”, from detecting phishing and insider threats to accelerating response. See how Waziuh, the open-source XDR and SIEM, integrates AI to turn raw security data into actionable insights and smarter threat hunting. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-role-of-artificial-intelligence-in-todays-cybersecurity-landscape/
-
Integrate Gemini CLI into Your Kali Terminal to Speed Up Pentesting Tasks
With the release of Kali Linux 2025.3, penetration testers and security professionals gain access to an innovative AI-powered assistant, the Gemini Command-Line Interface (CLI). This open-source package brings Google’s Gemini AI directly into the terminal, offering natural languagedriven automation for common pentesting workflows. The integration of Gemini CLI marks a significant leap forward in the…
-
Vibe Coding Is the New Open Source”, in the Worst Way Possible
As developers increasingly lean on AI-generated code to build out their software”, as they have with open source in the past”, they risk introducing critical security failures along the way. First seen on wired.com Jump to article: www.wired.com/story/vibe-coding-is-the-new-open-source/
-
Proxmox Mail Gateway: Open-source email security solution reaches version 9.0
First released in 2005, the open-source Proxmox Mail Gateway has become a widely adopted mail proxy, positioned between the firewall and the internal mail server to stop … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/06/proxmox-mail-gateway-open-source-email-security-solution/
-
Proxmox Mail Gateway: Open-source email security solution reaches version 9.0
First released in 2005, the open-source Proxmox Mail Gateway has become a widely adopted mail proxy, positioned between the firewall and the internal mail server to stop … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/06/proxmox-mail-gateway-open-source-email-security-solution/
-
Red Hat fesses up to GitLab breach after attackers brag of data theft
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched First seen on theregister.com Jump to article: www.theregister.com/2025/10/03/red_hat_gitlab_breach/
-
Red Hat confirms breach of GitLab instance, which stored company’s consulting data
The open-source software company said exposure is limited to consulting engagements, adding that it hasn’t found evidence of personal or sensitive data theft. First seen on cyberscoop.com Jump to article: cyberscoop.com/red-hat-gitlab-attack-consulting-data/
-
Red Hat confirms breach of GitLab instance, which stored company’s consulting data
The open-source software company said exposure is limited to consulting engagements, adding that it hasn’t found evidence of personal or sensitive data theft. First seen on cyberscoop.com Jump to article: cyberscoop.com/red-hat-gitlab-attack-consulting-data/