Tag: open-source
-
9 unverzichtbare Open-Source-Security-Tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windowsDiese Open-Source-Tools adressieren spezifische Security-Probleme mit minimalem Footprint.Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Community gestützt werden. Aber auch weil es inzwischen Hunderte qualitativ hochwertiger, quelloffener Optionen gibt, um Breaches und Datenlecks auf allen Ebenen des Unternehmens-Stacks zu verhindern.Falls Sie nun gedanklich bereits…
-
Exploring Open Source and Compliance in Vulnerability Management
Discover how to leverage open-source tools for vulnerability management while meeting compliance requirements. Learn best practices for secure and compliant software development. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/exploring-open-source-and-compliance-in-vulnerability-management/
-
Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future
Tags: access, ai, api, attack, automation, best-practice, breach, bug-bounty, business, cisa, cloud, communications, computer, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, framework, google, governance, government, identity, infrastructure, intelligence, international, Internet, linkedin, mitre, network, nist, office, open-source, privacy, programming, RedTeam, resilience, risk, risk-management, service, skills, software, strategy, tactics, technology, threat, tool, update, vulnerabilityCheck out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL security and AI attack disclosures! Here are five things you need to know for the week…
-
New Malvertising Campaign Exploits GitHub Repositories to Distribute Malware
A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are injecting promotional content for a counterfeit GitHub Desktop installer into popular development and open-source projects. When users download what appears to be the genuine client, the installer quietly delivers malicious payloads in the background, compromising…
-
Threat Actors Leveraging Open-Source AdaptixC2 in Real-world Attacks
In early May 2025, Unit 42 researchers observed multiple instances of AdaptixC2 being deployed to infect enterprise systems. Unlike many high-profile command-and-control (C2) platforms, AdaptixC2 has flown under the radar, with scant public documentation demonstrating its use in live adversary operations. Our research dissects AdaptixC2’s capabilities, deployment techniques, and evasion mechanisms to equip security teams…
-
OT security: Why it pays to look at open source
Tags: access, ai, attack, compliance, control, data, defense, detection, edr, endpoint, Hardware, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, service, strategy, threat, tool, vulnerabilityOT security at the highest level thanks to open-source alternatives: Commercial OT security solutions such as those from Nozomi Networks, Darktrace, Forescout or Microsoft Defender for IoT promise a wide range of functions, but are often associated with license costs in the mid to high six-figure range per year. Such a high investment is often…
-
Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts
Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. The vulnerability is an improper input validation flaw. >>The bug, dubbed…
-
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/garak-open-source-llm-vulnerability-scanner/
-
Huge NPM Supply Chain Attack Goes Out With Whimper
Threat actors phished Qix’s NPM account, then used their access to publish poisoned versions of 18 popular open source packages accounting for more than 2 billion weekly downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/huge-npm-supply-chain-attack-whimper
-
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts.The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input…
-
The npm incident frightened everyone, but ended up being nothing to fret about
Tags: open-sourceDisaster was averted after widely used open-source packages were compromised via social engineering. First seen on cyberscoop.com Jump to article: cyberscoop.com/open-source-npm-package-attack/
-
Open source security and sustainability remain unsolved problem
While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630429/Open-source-security-and-sustainability-remain-unsolved-problem
-
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/garak-open-source-llm-vulnerability-scanner/
-
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/garak-open-source-llm-vulnerability-scanner/
-
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/garak-open-source-llm-vulnerability-scanner/
-
Huge NPM Supply-Chain Attack Goes Out With Whimper
Threat actors phished Qix’s NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/huge-npm-supply-chain-attack-whimper
-
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of ” the most severe” flaws in the history of the product. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/
-
Open Source MFA – privacyIDEA 3.12 bringt User Resolver für Entra ID und Keycloak
First seen on security-insider.de Jump to article: www.security-insider.de/neue-funktionen-privacyidea-open-source-mfa-3-12-a-450b2b51fc101b374489d3ef979ce512/
-
How AI and politics hampered the secure open-source software movement
Tech giants pledged millions to secure open-source code. Then AI came along. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/open-source-software-security-progress-roadblocks/758506/
-
How AI and politics hampered the secure open-source software movement
Tech giants pledged millions to secure open-source code. Then AI came along. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/open-source-software-security-progress-roadblocks/758506/
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
Open Source Community Thwarts Massive npm Supply Chain Attack
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-supply-chain-attack-averted/
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerabilityFinancial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…