Tag: open-source
-
Chekov: Open-source static code analysis tool
Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/chekov-open-source-static-code-analysis-tool-iac/
-
OpenSSL patches 3 vulnerabilities, urging immediate updates
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management.…
-
Threat Actors Exploiting MS-SQL Servers to Deploy XiebroC2 Framework
A surge in attacks is targeting improperly managed MS-SQL servers, culminating in the deployment of the open-source XiebroC2 command-and-control (C2) framework. Similar in functionality to legitimate tools like Cobalt Strike, XiebroC2 offers capabilities for information gathering, remote control, and defense evasion, making it an attractive option for threat actors seeking a cost-effective intrusion platform. In one…
-
The hidden risks inside open-source code
Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/hidden-risks-open-source-code-scanning/
-
Google’s dev registration plan ‘will end the F-Droid project’
Open source Android app store cannot exist if Google’s plans go ahead, says F-Droid board member First seen on theregister.com Jump to article: www.theregister.com/2025/09/29/googles_dev_registration_plan_will/
-
One line of malicious npm code led to massive Postmark email heist
MCP plus open source plus typosquatting … what could possibly go wrong? First seen on theregister.com Jump to article: www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/
-
Chinese hackers breached critical infrastructure globally using enterprise network gear
Tags: access, backdoor, breach, business, china, communications, control, cve, defense, exploit, framework, germany, government, group, hacker, infrastructure, Internet, korea, law, malware, military, monitoring, network, open-source, penetration-testing, programming, service, threat, tool, update, vpn, vulnerability
72-hour vulnerability exploitation window: RedNovember demonstrated the ability to weaponize newly disclosed vulnerabilities faster than most organizations could deploy patches, researchers found. When researchers published proof-of-concept code for Check Point VPN vulnerability CVE-2024-24919 on May 30, 2024, RedNovember was attacking vulnerable systems by June 3. That campaign hit at least 60 organizations across Brazil, Germany, Japan,…
-
XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics
Tags: api, control, detection, edr, encryption, injection, malware, monitoring, office, open-source, powershell, software, tactics
Dodging sandboxes and scanners: The attackers relied on well-known evasion techniques throughout the chain, including API hashing to hide intent, API calls that bypass user-mode hooks installed by security software, and multiple encryption layers inside .NET DLLs. “The DLL file uses several encryption techniques for analysis to be difficult, such as RSACryptor, Virtualization, Fake.cctor, and many…
-
Forensic-timeliner: A Windows Forensics Tool for DFIR Investigators
Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from popular triage tools, it creates a mini timeline that is ready for analysis in tools like Timeline Explorer or Excel, as…
-
Firezone: Open-source platform to securely manage remote access
Firezone is an open-source platform that helps organizations of any size manage secure remote access. Unlike most VPNs, it uses a least-privileged model, giving users only the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/firezone-open-source-secure-remote-access-management/
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-day
CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/
-
Shai-Hulud attack: Vulnerabilities in open-source security
Open source forms the foundation of the digital world, but recent events show how vulnerable the supply chain is. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shai-hulud-angriff-schwachstellen-open-source
-
Delinea releases free open-source MCP server to secure AI agents
AI agents are becoming more common in the workplace, but giving them access to sensitive systems can be risky. Credentials often get stored in plain text, added to prompts, or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/26/delinea-free-open-source-mcp-server/
-
How GitHub Is Securing the Software Supply Chain
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain. The post How GitHub Is Securing the Software Supply Chain appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-security-npm-supply-chain/
-
JFrog discovers Shai-Hulud attack: 164 compromised npm packages
The Shai-Hulud attack is not an isolated event. It is part of a pattern in which attackers exploit the gap between the central importance of open-source software and the limited resources of its maintainers. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-entdeckt-shai-hulud-angriff-164-kompromittierte-npm-pakete/a42139/
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability
‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards. “These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…
-
Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/24/nosey-parker-open-source-tool/

