Tag: open-source
-
Meta open-sources AI tool to automatically classify sensitive documents
Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/05/meta-open-source-automated-sensitive-document-classification-tool/
-
Open-source code repos open to supply chain attacks, researchers warn
First seen on scworld.com Jump to article: www.scworld.com/news/open-source-code-repos-open-to-supply-chain-attacks-researchers-warn
-
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. “Chaos RAT is…
-
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…
-
The Texting Network for the End of the World
Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere, or when disaster strikes. First seen on wired.com Jump to article: www.wired.com/story/youre-not-ready-for-phone-dead-zones/
-
Google patches third zero-day flaw in Chrome this year
Vulnerability in the JavaScript engine: The Chrome team described the vulnerability as an out of bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and…
-
Android Security Update Addresses High-Severity Privilege Escalation Flaws
The Android Security Bulletin for June 2025, published on June 2, details a series of high-severity vulnerabilities affecting a wide range of Android devices. Security patch levels of 2025-06-05 or later address all reported issues, with source code patches set for imminent release to the Android Open Source Project (AOSP) repository. The most critical vulnerability…
-
6 Best Open Source Password Managers for Windows in 2025
Discover the top open-source password managers for Windows. Learn about the features and benefits of each to determine which one is the best fit for your needs. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/best-password-manager-open-source-windows/
-
Threat Platforms: A Buyer's Guide
Tags: ai, attack, automation, breach, cisa, cloud, crowdstrike, cyber, cyberattack, dark-web, deep-fake, dns, edr, exploit, finance, firewall, gartner, identity, incident response, intelligence, mail, malware, monitoring, network, open-source, phishing, risk, siem, soar, soc, threat, tool, vulnerability, zero-day
Threat intelligence platforms make it easier to understand threats and take effective defensive measures. The first step toward a solid enterprise security program is selecting a suitable threat intelligence platform (TIP). Without such a platform, most security teams have no way to integrate tool components with one another and to develop appropriate tactics and processes for securing networks, servers, applications and endpoints. Current threat trends make…
-
Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/03/vet-open-source-software-supply-chain-security-tool/
-
Microsoft Open Sources GitHub Copilot: A New Era for AI Coding
Microsoft opens the GitHub Copilot Chat extension under the MIT license, revolutionizing AI coding tools. Learn more about this game-changing move! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/microsoft-open-sources-github-copilot-a-new-era-for-ai-coding/
-
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
-
New Study Reveals Vulnerable Code Pattern Putting GitHub Projects at Risk of Path Traversal Attacks
A comprehensive research study has identified a widespread path traversal vulnerability (CWE-22) affecting 1,756 open-source GitHub projects, some of which are highly influential in the software ecosystem. The vulnerability, present in a commonly used Node.js code pattern for creating static HTTP file servers, enables attackers to access files outside of restricted locations, potentially compromising confidentiality…
-
Week in review: NIST proposes new vulnerabilities metric, flaws in NASA’s open source software
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerabilities found in NASA’s open source software Vulnerabilities in open … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/01/week-in-review-nist-proposes-new-vulnerabilities-metric-flaws-in-nasas-open-source-software/
-
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-flaw-in-vbulletin-forum-software/
-
DeepSeek Upgrade Edges Model Closer to AI’s Frontline
New Open-Source Model Rivals OpenAI, While Treading Beijing’s Red Line. Artificial intelligence startup DeepSeek released Thursday an updated version of its flagship reasoning model months after its Chinese origin sent shockwaves through industry. The model is a glimpse into high-performance systems being trained and deployed under norms governed by Beijing. First seen on govinfosecurity.com Jump…
-
Genetic Data: Emerging Cyberthreats and Privacy Concerns
It’s only a matter of time before cybercriminals begin to use artificial intelligence-enabled tools, open-source software and other technologies to launch attacks to exploit sensitive genetic data, said Nicholas Morris, a practice manager at security firm Optiv. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/genetic-data-emerging-cyberthreats-privacy-concerns-i-5478
-
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers to obtain valid certificates from the Icinga Certificate Authority (CA), potentially impersonating trusted nodes and compromising monitoring environments. Security updates have been released in versions…
-
Void Blizzard Targets NATO Organizations
Tags: access, api, authentication, blizzard, cloud, cyberattack, cyberespionage, edr, fido, framework, governance, government, hacker, intelligence, mail, malware, mfa, microsoft, open-source, passkey, password, phishing, risk, siem, spear-phishing, threat, tool, ukraine
Russian hackers are changing their tactics from password spraying to phishing, but their targets within NATO remain the same. For more than a year, a new cyberespionage group said to be linked to the Russian government has been targeting companies from various industries within NATO. Microsoft Threat Intelligence calls the group “Void Blizzard”. The Dutch…
-
Why privacy in blockchain must start with open source
Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/30/open-source-blockchain-privacy/
-
Critical Argo CD Flaw Exposes Kubernetes Clusters to Full Resource Manipulation
A critical cross-site scripting (XSS) vulnerability, officially tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been identified in Argo CD, a widely used open-source GitOps tool for Kubernetes. This flaw affects the repository URL handling mechanism in the Argo CD user interface, specifically due to improper validation of URL protocols in the ui/src/app/shared/components/urls.ts file. Attackers can exploit…
-
Woodpecker: Red Teaming Tool Targets AI, Kubernetes, and API Vulnerabilities
Operant AI has announced the release of Woodpecker, an open-source automated red teaming engine designed to make advanced security testing accessible to organizations of all sizes. Traditionally, red teaming, simulated cyberattacks conducted by ethical hackers to uncover vulnerabilities, has been a privilege reserved for large enterprises with significant security budgets. With Woodpecker, Operant AI aims…
-
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-defects-exploited/
-
Mistral Launches Devstral: Open-Source LLM for Coding Agents
Discover Mistral’s Devstral, an open-source LLM revolutionizing software engineering automation. Explore its features and download today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/mistral-launches-devstral-open-source-llm-for-coding-agents/
-
Woodpecker: Open-source red teaming for AI, Kubernetes, APIs
Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/28/woodpecker-open-source-red-teaming/

