Tag: open-source
-
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. First seen on wired.com Jump to article: www.wired.com/story/easyjson-open-source-vk-ties/
-
Open-Source Platforms Are More Secure Than Proprietary Ones
Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis. Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions. First seen on govinfosecurity.com…
-
How OSINT supports financial crime investigations
In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/05/stuart-clarke-blackdot-solutions-financial-crime-osint/
-
Vuls: Open-source agentless vulnerability scanner
Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/05/vuls-open-source-agentless-vulnerability-scanner/
-
Open source AI hiring bots favor men, leave women hanging by the phone
Easy fix: Telling LLMs to cosplay Lenin makes ’em more gender blind First seen on theregister.com Jump to article: www.theregister.com/2025/05/02/open_source_ai_models_gender_bias/
-
Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
Tags: attack, backdoor, control, cyber, exploit, group, hacker, infrastructure, network, open-source, ransomware, toolSecurity researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group, uncovered a network of interconnected command-and-control (C2) servers, bulletproof hosting providers, and shared toolsets fueling…
-
Redis ‘returns’ to open source with AGPL license
Tags: open-sourceNew plan may remain too restrictive for some developers First seen on theregister.com Jump to article: www.theregister.com/2025/05/01/redis_returns_to_open_source/
-
Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands
Tags: control, cyber, exploit, malicious, open-source, security-incident, service, supply-chain, threatA major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb-were ingeniously designed to exploit Gmail’s SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute…
-
Meta Unveils New Advances in AI Security and Privacy Protection
Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/meta-new-advances-ai-security/
-
Open-Source-Cloud-Infrastrukturen – Neue Leitlinien für digitale Autonomie
First seen on security-insider.de Jump to article: www.security-insider.de/neue-leitlinien-fuer-digitale-autonomie-a-cdc41805020ff1b637d20597badb1596/
-
Hottest cybersecurity open-source tools of the month: April 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/01/hottest-cybersecurity-open-source-tools-of-the-month-april-2025/
-
Villain: Open-source framework for managing and enhancing reverse shells
Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/30/villain-managing-enhancing-shells/
-
CNAPP-Kaufratgeber
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware -
RSAC 2025 Keynote: Cisco open-sources AI security tools
First seen on scworld.com Jump to article: www.scworld.com/news/rsac-2025-keynote-cisco-open-sources-ai-security-tools
-
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
Tags: control, cyber, cybersecurity, hacker, infrastructure, linux, malicious, open-source, risk, software, toolCybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of unsecured infrastructure and the sophistication of modern cyber threats. Hunt’s continuous scanning of public IPv4…
-
Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software
A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP-a trusted open-source Uyghur language text editor. This incident exemplifies the technical evolution of digital transnational repression and the exploitation of cultural software by state-aligned threat actors, likely linked to the Chinese government.…
-
Introducing Mend’s Integration with Microsoft Defender for Cloud
Mend.io now integrates with Microsoft Defender for Cloud, bringing intelligent open source security insights into cloud workflows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/introducing-mends-integration-with-microsoft-defender-for-cloud/
-
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support…
-
Open source text editor poisoned with malware to target Uyghur users
Whoever could be behind this attack on an ethnic minority China despises? First seen on theregister.com Jump to article: www.theregister.com/2025/04/29/citizen_lab_uyghur_phishing_malware/
-
BSides SF: Using AI to spot shadow patches in open-source software
First seen on scworld.com Jump to article: www.scworld.com/news/bsides-sf-using-ai-to-spot-shadow-patches-in-open-source-software
-
Cisco Unveils Open Source AI Reasoning Model for Cybersecurity Use Cases
Cisco today at the 2025 RSA Conference revealed it is making available an open-source generative artificial intelligence (AI) reasoning model specifically designed to automate cybersecurity analytics and workflows, along with a set of controls for securing AI artifacts in software supply chains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/cisco-unveils-open-source-ai-reasoning-model-for-cybersecurity-use-cases/
-
GoSearch: Open-source OSINT tool for uncovering digital footprints
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/28/gosearch-open-source-osint/
-
RSAC Fireside Chat: The NDR evolution story”, from open source start to kill chain clarity
As enterprises brace for a new wave of stealthy intrusions, so-called Typhoon attacks, security leaders are doubling down on network intelligence that goes beyond surface-level alerts. Related: What is NDR? In this RSAC 2025 Fireside Chat, I sat… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/rsac-fireside-chat-the-ndr-evolution-story-from-open-source-start-to-kill-chain-clarity/
-
Data in Danger: Detecting Cross-Site Scripting in Grafana
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/data-in-danger-detecting-cross-site-scripting-in-grafana/
-
Critical Langflow Flaw Enables Malicious Code Injection Technical Breakdown Released
Tags: ai, cve, cvss, cyber, endpoint, flaw, injection, malicious, open-source, remote-code-execution, risk, vulnerabilityA critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows. This flaw, residing in the platform’s /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems. The…
-
2025’s Top OSINT Tools: A Fresh Take on Open-Source Intel
Check out the top OSINT tools of 2025, an updated list featuring the best free and paid open-source… First seen on hackread.com Jump to article: hackread.com/2025-top-osint-tools-take-on-open-source-intel/