Tag: open-source
-
Sophos Counter Threat Unit vereitelt Cyberangriff mit Forensik-Tool
Das Counter Threat Unit™ (CTU) Team von Sophos hat einen Cyberangriff vereitelt, bei dem Kriminelle das Tool “Velociraptor”, ein eigentlich seriöses Open-Source-Programm für digitale Forensik, missbrauchten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-counter-threat-unit-vereitelt-cyberangriff-mit-forensik-tool/a41834/
-
Streit um Digitale Souveränität – Schlagabtausch zwischen BSI-Chefin und Open Source Community
First seen on security-insider.de Jump to article: www.security-insider.de/bsi-praesidentin-plattner-digitale-souveraenitaet-kritik-a-a21ce446fbb2157ce5648a48b77a2d5e/
-
Anthropic detects the inevitable: genAI-only attacks, no humans involved
Tags: ai, attack, business, ciso, control, cybercrime, cybersecurity, defense, dns, infrastructure, injection, intelligence, malicious, malware, open-source, openai, RedTeam, threat, tool, warfarenot find.”There is potentially a lot of this activity we’re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?” Brunkard asked. “Or maybe they haven’t shared because they don’t…
-
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/27/hottest-cybersecurity-open-source-tools-of-the-month-august-2025/
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB).The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit…
-
BSI-Doppelstrategie für digitale Souveränität
BSI-Präsidentin Claudia Plattner: “Je mehr vertrauenswürdige Produkte verfügbar sind, desto souveräner können wir entscheiden und desto sicherer wird die digitale Zukunft.” ECBEine sichere Verwendung digitaler Produkte zu ermöglichen, sieht die Präsidentin des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Claudia Plattner, als staatliche Aufgabe. “Als Cybersicherheitsbehörde Deutschlands ist es unser Anspruch, Menschen und Organisationen nicht…
-
Happy Birthday Linux! 34 Years of Open-Source Power
August 25, 2025, marks the 34th anniversary of Linux, a project that began as a modest hobby and has grown into the bedrock of modern digital infrastructure. On this day in 1991, 21-year-old Finnish student Linus Torvalds posted to the comp.os.minix newsgroup: “I’m doing a (free) operating system (just a hobby, won’t be big and…
-
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/kopia-open-source-encrypted-backup-tool-windows-macos-linux/
-
Open Source AppLocker Policy Generator
Noch ein kleiner Fund aus dem Internet, der für Administratoren hilfreich sein kann, die mit AppLocker in Unternehmensumgebungen arbeiten, um Anwendungsrestriktionen zu setzen. Der AppLocker Policy Generator verspricht Systemadministratoren und Sicherheitsexperten bei der Erstellung und Verwaltung von AppLocker-Richtlinien zu unterstützen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/24/applocker-policy-generator/
-
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell.The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up.”The payload isn’t hidden inside the file content or a…
-
DARPA: Closing the Open Source Security Gap With AI
DARPA’s Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/darpa-closing-open-source-security-gap-ai
-
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI.…
-
ASPM buyer’s guide: 7 products to help secure your applications
Tags: access, ai, api, application-security, attack, business, ceo, cloud, compliance, container, crowdstrike, data, detection, endpoint, exploit, gartner, google, guide, iam, identity, infrastructure, ivanti, marketplace, microsoft, monitoring, okta, open-source, oracle, programming, risk, software, supply-chain, threat, tool, vulnerability, vulnerability-managementProtect the software development lifecycle (SDLC) and supply chain pipelinesAutomate software testingIntegrate with various applications to mitigate and remove various risksFeatures offered by ASPMs vary widely. As a result, tools can prove difficult to evaluate in terms of exactly what is being protected, what data and metadata is being collected to inform security judgments, and…
-
LudusHound: Open-source tool brings BloodHound data to life
LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/ludushound-open-source-tool-bloodhound-data/
-
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/okta-open-sources-catalog-of-auth0-rules-for-threat-detection/
-
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
Tags: attack, backdoor, chatgpt, cve, cyber, exploit, malware, open-source, ransomware, threat, vulnerability, windowsThe PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates targeted attacks by exploiting CVE-2025-29824, an elevation-of-privilege vulnerability in the Windows Common Log File System…
-
DARPA AI Cyber Challenge Winners Impress With Quick, Scalable Patching
Winners of DARPA’s AI Cyber Challenge proved AI can automate patching at scale. Their tools will go open source, offering defenders new power”, but also raising concerns about AI-fueled exploits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/darpa-ai-cyber-challenge-winners-impress-with-quick-scalable-patching/
-
Agentic AI promises a cybersecurity revolution, with asterisks
Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerabilityTrust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.”If you want to remove or give agency to a platform…
-
Hundreds of TeslaMate Servers Expose Real-Time Vehicle Data
A security researcher has discovered that hundreds of self-hosted TeslaMate servers are exposing sensitive Tesla vehicle data to the public internet without any authentication, revealing real-time location tracking, charging patterns, and driving habits of unsuspecting owners. TeslaMate is a popular open-source data logger that connects to Tesla’s official API to collect detailed vehicle telemetry including…
-
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/buttercup-ai-vulnerability-scanner-open-source/
-
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/buttercup-ai-vulnerability-scanner-open-source/
-
Popular AI Systems Still a WorkProgress for Security
According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/popular-ai-systems-still-work-in-progress-security
-
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts using stolen credentials from data breaches. It supports both website and mobile application targets and has become a staple in the fraud ecosystem due to its flexibility, extensibility, and active First seen on securityboulevard.com Jump…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/utilities-factories-encryption-holes-industrial-protocol
-
SSHamble: New Open-Source Tool Targets SSH Protocol Flaws
Security researchers have unveiled SSHamble, a powerful new open-source tool designed to identify vulnerabilities and misconfigurations in SSH implementations across networks. Developed by HD Moore and Rob King, the tool represents a significant advancement in SSH security testing capabilities, addressing critical gaps in how organizations assess their secure shell infrastructure. SSH (Secure Shell) has become…
-
A Special Diamond Is the Key to a Fully Open Source Quantum Sensor
Tags: open-sourceQuantum sensors can be used in medical technologies, navigation systems, and more, but they’re too expensive for most people. That’s where the Uncut Gem open source project comes in. First seen on wired.com Jump to article: www.wired.com/story/fully-open-source-quantum-sensor-uncut-gem/