Tag: open-source
-
OpenSSH 10.0 Released: New Protocol Changes and Key Security Improvements
The OpenSSH team has announced the release ofOpenSSH 10.0on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide enhanced protection and functionality for users worldwide. Key Security Improvements The OpenSSH 10.0 release introduces…
-
CodeSecure and FOSSA Partner to Deliver Single Integrated Platform for Binary and Open Source Analysis
Consolidated capabilities enable customers to create comprehensive software bill of materials and eliminate security blindspots across the software development lifecycle BETHESDA, Md., Apr. 9, 2025 CodeSecure, a leading global provider of application security testing (AST) solutions, and FOSSA, the complete software supply chain platform, today announced a strategic partnership and native product integration that”¦ First…
-
SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool
The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of crucial sectors like railways, oil & gas, and external affairs ministries into their cyber activities.…
-
OpenSSL prepares for a quantum future with 3.5.0 release
Tags: open-sourceThe OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/openssl-3-5-0-released/
-
APTRS: Open-source automated penetration testing reporting system
APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/aptrs-open-source-automated-penetration-testing-reporting-system/
-
ProwlerPro secures $12.5M to advance open-source cloud security solutions
First seen on scworld.com Jump to article: www.scworld.com/brief/prowlerpro-secures-12-5m-to-advance-open-source-cloud-security-solutions
-
Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/windows-hijacking-neptune-rat-telegram-youtube
-
Apache Parquet Critical RCE via Deserialization (CVE-2025-30065)
Summary On April 5, 2025, a critical deserialization vulnerability (CVE-2025-30065) affecting Apache Parquet was disclosed. Apache Parquet is an open source, column-oriented data file format First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/08/apache-parquet-critical-rce-via-deserialization-cve-2025-30065/
-
Google’s Sec-Gemini v1 Takes on Hackers Outperforms Rivals by 11%
Tags: access, attack, cybersecurity, data, google, hacker, intelligence, mandiant, open-source, threat, vulnerabilitySec-Gemini v1 has access to real-time cybersecurity data from trusted sources including Google Threat Intelligence, Mandiant’s attack reports, and the Open Source Vulnerabilities database. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-sec-gemini-v1/
-
Open-Source-Security im Praxis-Check – Wazuh im Test: Flexibles SIEM mit XDR-Funktionen
First seen on security-insider.de Jump to article: www.security-insider.de/wazuh-open-source-siem-xdr-loesung-test-a-ba210f6ea5a61cdda169bfbf9b6f43f8/
-
The risks of entry-level developers over relying on AI
Tags: ai, attack, awareness, best-practice, cio, ciso, compliance, cybersecurity, exploit, jobs, law, malicious, open-source, programming, resilience, risk, skills, software, technology, threat, tool, training, update, vulnerabilityThe risks of blind spots, compliance and license violation: As generative AI becomes more embedded in software development and security workflows, cybersecurity leaders are raising concerns about the blind spots it can potentially introduce. “AI can produce secure-looking code, but it lacks contextual awareness of the organization’s threat model, compliance needs, and adversarial risk environment,”…
-
YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection
YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/07/yes3-scanner-open-source-s3-security-scanner/
-
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/
-
Microsoft AI findet Schwachstellen in Open-Source-Boot-Loader
Microsoft hat seine AI-Lösung Microsoft Security CoPilot verwendet, um mehrere Boot-Loader, darunter den von Linux verwendeten Open-Source-Boot-Loader Grub, sowie U-boot und Barebox, auf Schwachstellen abzuklopfen. Dabei wurden gleich mehrere Schwachstellen entdeckt wobei die Verwendung von AI das Auffinden von … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/06/microsoft-ai-findet-schwachstellen-in-open-source-boot-loader/
-
Top 20 Best Open-Source SOC Tools in 2025
As cyber threats continue to evolve, Security Operations Centers (SOCs) require robust tools to detect, analyze, and respond to incidents effectively. Open-source SOC tools provide cost-effective, customizable, and community-supported solutions for organizations of all sizes. In this article, we’ll explore 20 notable open-source SOC tools for 2025, categorized by their functionalities. What Is An Open-Source…
-
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs.”The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular…
-
AI programming copilots are worsening code security and leaking more secrets
Tags: access, ai, api, application-security, attack, authentication, best-practice, breach, ceo, ciso, container, control, credentials, cybersecurity, data, data-breach, github, government, incident response, injection, least-privilege, LLM, monitoring, open-source, openai, password, programming, risk, skills, software, strategy, tool, training, vulnerabilityOverlooked security controls: Ellen Benaim, CISO at enterprise content mangement firm Templafy, said AI coding assistants often fail to adhere to the robust secret management practices typically observed in traditional systems.”For example, they may insert sensitive information in plain text within source code or configuration files,” Benaim said. “Furthermore, because large portions of code are…
-
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code
OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions. The flaw, identified as CVE-2025-2704, affects OpenVPN servers using specific configurations and has been addressed in the newly released version OpenVPN 2.6.14. CVE-2025-2704: Overview The vulnerability is…
-
Apache Traffic Server Flaw Allows Request Smuggling Attacks
A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw enables attackers to exploit request smuggling via malformed chunked messages. Users of Apache Traffic Server are urged to upgrade to secure versions of the software immediately to mitigate potential risks. CVE-2024-53868 Details The vulnerability was…
-
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
A maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance First seen…
-
Evilginx stiehlt Zugangsdaten und trickst die Multi-Faktor-Authentifizierung aus
Eine böswillige Mutation des weit verbreiteten Nginx-Webservers erleichtert bösartige Adversary-in-the-Middle-Attacken. Sophos-X-Ops haben in einem Versuchsaufbau das kriminelle Potential von Evilginx analysiert und geben Tipps für den Schutz. Evilginx ist eine Malware, die auf dem legitimen und weit verbreiteten Open-Source-Webserver Nginx basiert. Sie kann dazu verwendet werden, Benutzernamen, Passwörter und Sitzungs-Token zu stehlen und sie bietet…
-
Evilginx: Die nginx-Mutation, die MFA-Schutz aushebelt
Sicherheitsforscher von Sophos X-Ops haben die Funktionsweise und das Gefährdungspotenzial von Evilginx untersucht. Die auf dem weit verbreiteten Open-Source-Webserver nginx basierende Malware stellt eine erhebliche Bedrohung für die IT-Sicherheit dar, indem sie gezielte Adversary-in-the-Middle (AitM)-Angriffe ermöglicht und dabei sogar Multi-Faktor-Authentifizierung (MFA) aushebeln kann. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/evilginx-nginx-mutation-mfa-schutz
-
Open Source vs. proprietäre Software – Nur mit Offenheit gelingt digitale Souveränität in Europa
First seen on security-insider.de Jump to article: www.security-insider.de/open-source-vs-proprietaere-software-peter-ganten-erklaert-a-f5d165ae509d467b552c4dd5d0a58ca2/
-
Open-source malware doubles, data exfiltration attacks dominate
There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/open-source-malware-index-q1-2025/
-
Vulnerabilities Expose Jan AI Systems to Remote Manipulation
Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation. The post Vulnerabilities Expose Jan AI Systems to Remote Manipulation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/vulnerabilities-expose-jan-ai-systems-to-remote-manipulation/
-
Mozilla is rolling Thundermail, a Gmail, Office 365 rival
Thunderbirds are Pro: Open-source email client to get message hosting, appointment scheduling, more First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/thunderbird_pay_services/
-
Leitfaden von Flashpoint – Open Source Intelligence in der Praxis umsetzen
First seen on security-insider.de Jump to article: www.security-insider.de/digitale-gefahren-reale-folgen-osint-cyberangriffe-a-c892ad92f75c876b04fe1adae49f5b43/
-
Prince Ransomware An Automated Open-Source Ransomware Builder Freely Available on GitHub
Tags: attack, cyber, cybercrime, cybersecurity, exploit, github, healthcare, open-source, programming, ransomware, toolThe cybersecurity landscape has witnessed a concerning development with the emergence of >>Prince Ransomware,