Tag: open-source
-
Abliteration: Removing safety mechanisms from AI models keeps getting easier
Freely available tools make it possible, even without technical knowledge, to bypass safety barriers in open-source AI models. First seen on golem.de Jump to article: www.golem.de/news/abliteration-entfernung-von-sicherheitsmechanismen-in-ki-modellen-immer-einfacher-2605-209026.html
-
IT security: When the robot swarm searches the house
The pressure on companies and public authorities is growing: more attacks, more vulnerabilities, more regulatory requirements. At the same time, the IT landscape is becoming ever harder to oversee because of shadow IT, outdated systems or missing processes. In conversation, KIX CEO Rico Barth and Greenbone CEO Elmar Geese explain why the number of security vulnerabilities is exploding, why open source is a trust factor in IT security and why… First seen…
-
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
-
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/25/openhack-open-source-ai-powered-vulnerability-research/
-
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization repositories. The attack, detected on May 22, 2026, and reported by both Aikido Security and the Socket Research Team, introduces a fully functional remote code execution (RCE) backdoor that executes automatically via Composer’s…
-
Socket raises $60 million for its open-source security platform
Tags: open-source. First seen on scworld.com Jump to article: www.scworld.com/brief/socket-raises-60-million-for-its-open-source-security-platform
-
A hacker group is poisoning open source code at an unprecedented scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/a-hacker-group-is-poisoning-open-source-code-at-an-unprecedented-scale/
-
Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories
A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections hidden inside seemingly legitimate projects, targeting developers who unknowingly download and execute infected files. Megalodon Malware Infects Github Repo…
-
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements/
-
Microsoft open-sources tools for designing and testing AI agents
Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/microsoft-open-sources-tools-for-designing-and-testing-ai-agents/
-
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
Tags: apache, authentication, business, cyber, flaw, open-source, password, rce, remote-code-execution, vulnerability. A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source Enterprise Resource Planning (ERP) platform used for managing business processes. When an administrator flags a…
-
Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems
In a lengthy joint statement, Moscow and Beijing pledged closer cooperation on satellite internet technologies and joint work on software development and open-source initiatives, part of a broader effort to reduce reliance on Western technology and build a more independent technological ecosystem capable of competing with countries both states consider “unfriendly.” First seen on therecord.media…
-
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. First seen on wired.com Jump to article: www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/
-
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An active and sophisticated supply chain attack is targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how deeply embedded open-source libraries can be weaponized to infiltrate modern development pipelines at scale. The…
-
GitHub Confirms Breach, 4K Internal Repos Stolen
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor, TeamPCP, took credit. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen
-
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents,…
-
Compromised coding tool helped hackers breach thousands of GitHub repositories
The attack is the latest example of hackers’ intense focus on open-source packages. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/github-hacked-repository-data/820722/
-
Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution
The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic search and AI-driven retrieval workflows, where embedding models transform text into numerical vectors for similarity matching. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-45829-chromatoast-chromadb/
-
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/cve-lite-cli-open-source-dependency-vulnerability-scanner/
-
FreePBX Security Flaw Lets Attackers Access User Portals
A critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects the User Control Panel (UCP) via the “userman” module. FreePBX Security Flaw According to an…
-
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/
-
Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS-level backdoors and persisting in developer tools and CI pipelines. First seen on cyberscoop.com Jump to article: cyberscoop.com/mini-shai-hulud-malware-npm-packages-compromised-again/
-
OverDoS in n8n: How an OAuth function can paralyze over 70,000 automation servers
The open-source automation platform n8n is once again the focus of security research. This time it is not about classic remote code execution but about a particularly insidious denial-of-service vulnerability named OverDoS. Security researchers at Checkmarx show how attackers can, without authentication, deliberately flood entire n8n instances with data and thereby render them unusable. Potentially tens of thousands of publicly reachable systems are affected. CVE-2026-42236:…
-
Grafana Labs Confirms Hackers Stole Source Code
Open source tool maker Grafana says hackers stole codebase via GitHub breach. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/grafana-labs-confirms-hackers/
-
New image-based prompt injection attack targets multimodal AI models
Researchers claim strong black-box transferability: The researchers evaluated the technique against multiple open-source LVLMs, including MiniGPT4, BLIP-2, InstructBLIP, BLIVA, and Qwen2.5-VL, the paper added. According to the paper, the attack achieved an average success rate of 66.36% across tested models, outperforming prior baseline attacks by roughly 41 percentage points. The researchers also said the technique demonstrated “strong…
-
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/18/open-source-tool-maker-grafana-labs-says-hackers-stole-its-code-refuses-to-pay-ransom/
-
Cybercriminals abuse Openclaw workflows to distribute Remcos RAT and Ghostloader
Zscaler's Threatlabz researchers have analyzed a novel attack campaign that specifically targets the growing use of autonomous AI agents in development and enterprise environments. The attackers exploit the open-source framework <>, which equips AI agents with far-reaching system access rights to carry out complex tasks. The framework, developed for workflow automation, is now being instrumentalized as a dangerous attack vector. In…

