Tag: open-source
-
Google open-sources privacy tech for age verification
Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/google-zero-knowledge-proofs-zkp/
-
Apache Seata Flaw Enables Deserialization of Untrusted Data
A newly disclosed vulnerability in Apache Seata, a popular open-source distributed transaction solution, has raised security concerns for organizations relying on affected versions. The flaw, tracked as CVE-2025-32897, enables the deserialization of untrusted data within the Seata server, potentially exposing systems to remote code execution and other security risks. Vulnerability Overview The vulnerability impactsApache Seata (incubating) versions 2.0.0…
-
GitPhish: Open-source GitHub device code flow security assessment tool
GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/gitphish-open-source-github-device-code-flow-security-assessment-tool/
-
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements. The flaw, registered asCVE-2025-52891, affects ModSecurity versions2.9.8 to before 2.9.11and is rated with aCVSS v3 base score of 6.5 (moderate severity). Vulnerability…
-
Auf der Suche nach Alternativen zum CVE-Programm
Tags: advisory, ceo, cisa, cve, cvss, cyber, cyersecurity, exploit, github, google, group, infrastructure, intelligence, kev, microsoft, nist, nvd, open-source, oracle, ransomware, resilience, risk, siem, soar, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management, zero-daySollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger.Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures (CVE)-Programms hat die starke Abhängigkeit der Sicherheitsbranche von diesem Programm deutlich gemacht. Er führte zu Diskussionen über Notfallstrategien , falls das standardisierte System zur Identifizierung und Katalogisierung von Schwachstellen nicht…
-
Secretless Broker: Open-source tool connects apps securely without passwords or keys
Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/02/secretless-broker-open-source-tool-connects-apps-securely/
-
OpenMSP Launches to Help MSPs Cut Costs with Open-Source Tools and AI Insights
First seen on scworld.com Jump to article: www.scworld.com/news/openmsp-launches-to-help-msps-cut-costs-with-open-source-tools-and-ai-insights
-
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-open-sources-vs-code-copilot-chat-extension-on-github/
-
Blind Eagle Hackers Leverage Open-Source RATs and Ciphers to Evade Static Detection
Trustwave SpiderLabs has uncovered a chilling cyber threat targeting Latin American organizations, particularly in the financial sector, with a focus on Colombian institutions. The threat cluster, linked to the notorious Proton66 OOO infrastructure, employs a cunning mix of open-source Remote Access Trojans (RATs) and advanced obfuscation techniques to bypass static detection mechanisms. Unmasking a Sophisticated…
-
RIFT: Open-Source Rust Malware Analyzer Released by Microsoft
Tags: cyber, cybercrime, exploit, intelligence, malware, microsoft, open-source, programming, rust, threat, toolAs cybercriminals and nation-state actors increasingly turn to the Rust programming language for malware development, Microsoft’s Threat Intelligence Center has unveiled a powerful new open-source tool called RIFT to help security analysts combat this growing threat. Rust, renowned for its speed, memory safety, and robustness, is now being exploited for its advantages in creating malware…
-
RIFT: New open-source tool from Microsoft helps analyze Rust malware
Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/30/rift-open-source-microsoft-tool-analyze-rust-malware/
-
Cloudflare open-sources Orange Meets with End-to-End encryption
Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-open-sources-orange-meets-with-end-to-end-encryption/
-
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit.The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to…
-
6 key trends redefining the XDR market
Tags: access, ai, apache, attack, cloud, country, crowdstrike, cybersecurity, data, detection, edr, endpoint, framework, identity, incident response, infrastructure, intelligence, marketplace, microsoft, ml, monitoring, msp, mssp, network, office, open-source, ransomware, service, siem, soc, sophos, threat, toolXDR-as-a-service on the rise: A fully staffed SOC is out of reach for many organizations and that’s why the rise of XDR-as-a-service reflects growing demand for managed, scalable security capabilities.”With stretched teams and expanding attack surfaces, many organizations are turning to trusted providers to deliver round-the-clock detection and response,” says Santiago Pontiroli, lead security researcher…
-
Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks
Tags: attack, control, cyber, cybersecurity, flaw, marketplace, open-source, risk, supply-chain, vulnerabilityA newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling…
-
French city of Lyon ditching Microsoft for open source office and collab tools
Ingredients of future software salade Lyonnaise will include Linux, PostgreSQL, and OnlyOffice First seen on theregister.com Jump to article: www.theregister.com/2025/06/26/lyon_leaving_microsoft/
-
Open-source tools leveraged to compromise African financial sector
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-tools-leveraged-to-compromise-african-financial-sector
-
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access.Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where “CL” refers to “cluster” and “CRI” stands for “criminal…
-
Google’s Gemini CLI brings open-source AI agents to developers
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/26/google-gemini-cli-open-source-ai-agents/
-
Kanister: Open-source data protection workflow management tool
Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/26/kanister-open-source-data-protection-workflow-management-tool/
-
Hackers Use Open-Source Offensive Cyber Tools to Attack Financial Businesses in Africa
The threat actor used a combination of open-source and publicly available tools to establish their attack framework First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-financial-businesses-africa/
-
NVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious Code
NVIDIA has issued an urgent security update for its open-source Megatron-LM framework, following the discovery of two critical vulnerabilities that could allow attackers to inject and execute malicious code on affected systems. The flaws, tracked as CVE-2025-23264 and CVE-2025-23265, impact all platforms running Megatron-LM versions prior to 0.12.0 and have prompted a swift response from…
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication
In a landmark move for the artificial intelligence industry, Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, marking a significant step toward open, secure, and interoperable communication between AI agents. The announcement was made at the Open Source Summit North America, where the Linux Foundation unveiled the formation of the Agent2Agent…
-
Reconmap: Open-source vulnerability assessment, pentesting management platform
Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/24/reconmap-open-source-vulnerability-assessment-pentesting-management-platform/
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…