Tag: open-source
-
OSPS Baseline: Practical security best practices for open source software projects
The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/28/osps-baseline-practical-security-best-practices-for-open-source-software-projects/
-
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619678/CVE-volumes-head-towards-50000-in-2025-analysts-claim
-
MITRE Caldera Hit by Critical RCE Flaw (CVE-2025-27364) Here’s What You Need to Know
CVE-2025-27364, a critical Remote Code Execution (RCE) flaw, has been discovered in MITRE Caldera, an open-source adversary emulation platform used by security professionals. This flaw could allow attackers to execute arbitrary code on the server running Caldera, leading to the compromise of sensitive systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-27364-in-mitre-caldera/
-
GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects
GitVenom malware campaign targets gamers and crypto investors by posing as open-source projects on GitHub. Kaspersky researchers warn of a malware campaign, dubbed GitVenom, targeting GitHub users. The threat actors behind this campaign created hundreds of fake GitHub repositories with malicious code, disguising them as automation tools, crypto bots, and hacking utilities. The attackers used…
-
Dalfox: Open-source XSS scanner
DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/26/dalfox-open-source-xss-scanner/
-
DeepSeek Lure Using CAPTCHAs To Spread Malware
Tags: ai, attack, botnet, breach, captcha, cloud, control, credentials, crypto, cybercrime, data, detection, exploit, infrastructure, injection, international, login, malicious, malware, network, open-source, powershell, privacy, scam, service, technology, theft, threat, tool, windows
Introduction: The rapid rise of generative AI tools has created opportunities and challenges for cybercriminals. In an instant, industries are being reshaped while new attack surfaces are being exposed. The DeepSeek AI chatbot, which launched on January 20, 2025, quickly gained international attention, making it a prime target for abuse. Leveraging a tactic known as brand impersonation,…
-
Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy
Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/25/nextcloud-hub-10/
-
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Cybersecurity researchers are calling attention to an ongoing campaign that’s targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. “The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables First seen on…
-
Black Basta Leaks Reveal Targeting, Planning, Escalation
Group Cross-Referenced Open-Source Victim Intelligence With Infostealer Hauls The leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.…
-
Sliver C2 Server Vulnerability Enables TCP Hijacking for Traffic Interception
A significant vulnerability has been discovered in the Sliver C2 server, a popular open-source cross-platform adversary emulation and red team framework. This vulnerability, identified as CVE-2025-27090, allows attackers to hijack TCP connections, enabling them to intercept and manipulate traffic. The exploit leverages a Server-Side Request Forgery (SSRF) technique, which can be particularly damaging as it…
-
Misconfig Mapper: Open-source tool to uncover security misconfigurations
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/24/misconfig-mapper-open-source-tool-uncover-security-misconfigurations/
-
Versatile and flexible data backup - Backup with open source: Kopia
First seen on security-insider.de Jump to article: www.security-insider.de/kopia-open-source-tool-datensicherung-a-28cf1eb74057f47b91c940e56a8210a6/
-
NSA Adds Innovative Features to Ghidra 11.3 Release
The National Security Agency (NSA) has unveiled Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework, introducing transformative features that streamline vulnerability analysis and collaborative research. This release, coded internally as…
-
Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely
A severe security vulnerability (CVE-2024-52577) in Apache Ignite, the open-source distributed database and computing platform, has been disclosed. The flaw enables remote attackers to execute arbitrary code on vulnerable servers by exploiting insecure deserialization mechanisms in specific configurations. First reported on February 14, 2025, this issue impacts all Apache Ignite versions from 2.6.0 up to…
-
Kunai: Open-source threat hunting tool for Linux
Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/19/kunai-open-source-threat-hunting-tool-for-linux/
-
Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs
Rapid Patching Urged: Flaws Pose Man-in-the-Middle Attack, Denial of Service Risks. Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose man-in-the-middle attack and denial of service exploit risks, and have been patched in the latest version of OpenSSH. First…
-
AI Wars Playing Out in Application Attacks and Defenses
Deb Radcliff interviews Bugcrowd founder and white hat hacker, Casey Ellis. As if protecting applications wasn’t tough enough, attackers are now leveraging AI to find and exploit application vulnerabilities faster, outpacing patch efforts and evading security. This especially applies to embedded systems and open-source libraries, and all along the software supply chain. The trend of…
-
Unlocking OSINT: Top books to learn from
Discover the top Open-Source Intelligence (OSINT) books in this curated list. From investigative techniques to digital footprint analysis, these titles offer insights for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/17/osint-books/
-
Orbit: Open-source Nuclei security scanning and automation platform
Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/17/orbit-open-source-security-scanning-tool-nuclei/
-
Implementing a Software Bill of Materials: The best SBOM tools
Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerability
Only if you know what is inside can you be sure that everything is above board. That applies to fast food as much as to software. To secure software, you have to know what is in its code. For this reason, a Software Bill of Materials (SBOM) is indispensable today. The SolarWinds attack and the Log4j vulnerability…
-
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursuing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities
-
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a…
-
whoAMI name confusion attacks can expose AWS accounts to malicious code execution
Amazon fixed the problem: Through the AWS Vulnerability Disclosure Program (VDP), researchers found that AWS’s own internal non-production systems were vulnerable, potentially allowing attackers to execute code within AWS infrastructure. The issue was disclosed and promptly fixed in September 2024. A little later, on December 1, 2024, AWS introduced Allowed AMIs, a feature that lets users…
-
Cybercriminals Exploit Pyramid Pentesting Tool for Covert C2 Communications
Cybersecurity analysts have identified that hackers are leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Originally designed as a post-exploitation framework for penetration testers, Pyramid has become an attractive option for malicious actors due to its ability to evade detection by endpoint security tools. The tool, first released on GitHub in…
-
Content Credentials Technology Verifies Image, Video Authenticity
The open technology tackles disinformation by verifying whether the image is real or has been modified. The standard, created to document the provenance of photos and other media, has gained steam in the past year, surpassing 500 corporate members and releasing open-source tools for developers. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/content-credentials-aim-to-tame-disinformation
-
Threat Actors Exploiting DeepSeek’s Popularity to Deploy Malware
The meteoric rise of DeepSeek, a Chinese AI startup, has not only disrupted the AI sector but also attracted the attention of cybercriminals. Following the release of its open-source model, DeepSeek-R1, on January 20, 2025, the platform experienced exponential growth, reaching millions of users globally. However, this popularity has been exploited by threat actors who…
-
SysReptor: Open-source penetration testing reporting platform
SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/12/sysreptor-open-source-penetration-testing-reporting-platform/
-
OpenSSL patched high-severity flaw CVE-2024-12797
OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library. The OpenSSL software library allows secure communications over computer networks, protecting against eavesdropping and identifying the party at the other end. OpenSSL contains an open-source implementation…

