Tag: open-source
-
New PyPI project archiving system aims to curb open-source security risks
First seen on scworld.com Jump to article: www.scworld.com/brief/new-pypi-project-archiving-system-aims-to-curb-open-source-security-risks
-
Deepseek tritt die nächste Welle des KI-Rushs los
Mit Deepseek wurde die nächste Welle des KI-Rushs ausgelöst. Der Open-Source-KI-gestützte Chatbot macht OpenAI Konkurrenz. Mit jeder KI-Innovation rücken allerdings auch wieder deren Auswirkungen auf den Datenschutz in den Vordergrund. Dementsprechend sollte auch bei diesem Tool vor der Einführung ein genauerer Blick auf Datenschutzüberlegungen erfolgen. Die Engines von Tools wie ChatGPT und jetzt auch Deepseek…
-
BadDNS: Open-source tool checks for subdomain takeovers
BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname Check for dangling CNAME records … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/03/baddns-open-source-tool-check-domain-subdomain-takeover/
-
Laravel admin package Voyager vulnerable to one-click RCE flaw
Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/laravel-admin-package-voyager-vulnerable-to-one-click-rce-flaw/
-
Critical remote code execution bug found in Cacti framework
A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. A critical vulnerability, tracked as CVE-2025-22604 (CVSS score of 9.1), in the Cacti open-source framework could allow an authenticated…
-
DeepSeek’s popularity exploited by malware peddlers, scammers
As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/deepseek-popularity-exploited-malware-scams/
-
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.”Due to a flaw in the multi-line SNMP result…
-
CISA warns of critical, high-risk flaws in ICS products from four vendors
Tags: access, authentication, automation, cisa, cloud, computing, control, credentials, cve, cvss, cybersecurity, data, exploit, flaw, infrastructure, injection, leak, mitigation, monitoring, open-source, remote-code-execution, risk, service, software, threat, update, vulnerability, windowsThe US Cybersecurity and Infrastructure Security Alliance has issued advisories for 11 critical and high-risk vulnerabilities in industrial control systems (ICS) products from several manufacturers.The issues include OS command injection, unsafe deserialization of data, use of broken cryptographic algorithms, authentication bypass, improper access controls, use of default credentials, sensitive information leaks, and more. The flaws…
-
New open-source SAST tool unveiled after Semgrep clampdown
First seen on scworld.com Jump to article: www.scworld.com/brief/new-open-source-sast-tool-unveiled-after-semgrep-clampdown
-
write waf rules faster with WAF Rule Writer – Impart Security
Rule Writer is your go-to AI-powered assistant for tackling the messy, time-consuming world of WAF rule creation and management. It’s not just a tool”, it’s like having an extra teammate who never sleeps and always knows exactly what to do. The Truth About WAF Rules “Here’s the thing about WAF rules: most teams barely touch…
-
Microsoft builds open source document database on PostgreSQL, suggests FerretDB as front end
We’re not in Kansas anymore First seen on theregister.com Jump to article: www.theregister.com/2025/01/27/microsoft_builds_open_source_document/
-
DeepSeek hit by cyberattack and outage amid breakthrough success
Tags: access, ai, apple, attack, ceo, china, compliance, control, cyberattack, cybersecurity, data, detection, encryption, finance, GDPR, google, group, HIPAA, infrastructure, malicious, nvidia, open-source, risk, saas, service, startup, technology, threat, tool, training, vulnerabilityChinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared.According to the company’s status page, DeepSeek has been investigating the issue since late evening Beijing time on Monday.”Due to large-scale malicious attacks on DeepSeek’s services, registration…
-
New Hacker Group Using 7z UltraVNC Tool to Deploy Malware Evading Detection
A sophisticated cyber campaign targeting Russian-speaking entities has been identified by cybersecurity researchers, unveiling a deceptive operation imitating the Tactics, Techniques, and Procedures (TTPs) of the Gamaredon APT group. The attackers believed to be part of the GamaCopy group, exploited military-related content as bait, leveraging open-source tools to obscure their activities. The attacks utilized 7z…
-
BloodyAD: Open-source Active Directory privilege escalation framework
BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/28/bloodyad-active-directory-privilege-escalation/
-
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/
-
Open-source security spat leads companies to join forces for new tool
A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep. First seen on cyberscoop.com Jump to article: cyberscoop.com/opengrep-static-analysis-security-tool-semgrep-open-source/
-
A pickle in Meta’s LLM code could allow RCE attacks
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerabilityMeta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC.”MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a…
-
Don’t let these open-source cybersecurity tools slip under your radar
This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/27/open-source-cybersecurity-tools-free/
-
Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks
A new report has put the spotlight on potential security vulnerabilities within the popular open-source framework Next.js, demonstrating how improper caching mechanisms can lead to critical server-side cache poisoning attacks. Developed by Vercel, Next.js remains a cornerstone for building server-rendered React applications; however, its popularity has also made it a lucrative target for threat actors.…
-
Passbolt erhält 8 Millionen US-Dollar an Series-A-Finanzierung
Tags: open-sourcePassbolt ist außerdem vollständig Open Source und ermöglicht volle Kontrolle durch Hosting in Eigenregie und flexible Anpassung an Unternehmensrichtlinien und regulatorische Anforderungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/passbolt-erhaelt-8-millionen-us-dollar-an-series-a-finanzierung/a39544/
-
Neue Stratoshark Lösung revolutioniert Cloud-native Security
Stratoshark baut auf dem Open-Source-Erbe von Wireshark und Falco auf und bietet unübertroffene Transparenz für Cloud-native Umgebungen auf einer vertrauten Plattform First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-stratoshark-loesung-revolutioniert-cloud-native-security/a39536/
-
Wireshark für die Cloud
Sysdig, ein führender Anbieter von Echtzeit-Sicherheitslösungen für die Cloud, gab heute die Veröffentlichung von Stratoshark bekannt, einem Open-Source-Tool, das die granulare Netzwerktransparenz von Wireshark auf die Cloud ausweitet und Anwendern einen standardisierten Ansatz für die Analyse von Cloud-Systemen bietet. Seit 27 Jahren hilft Wireshark Anwendern bei der Analyse des Netzwerkverkehrs und der Fehlerbehebung mit […]…
-
Cisco patches antivirus decommissioning bug as exploit code surfaces
Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public.Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
-
10 top XDR tools and how to evaluate them
Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-dayLittle in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
-
Open-Source ClamAV Releases Security Update for Buffer Overflow Vulnerability Patch Now
ClamAV, a widely used open-source antivirus software, has released security patch updates to address a critical buffer overflow vulnerability (CVE-2025-20128). The vulnerability, identified in the OLE2 file parser, posed a potential risk of denial-of-service (DoS) attacks. Users are urged to update immediately to the newly-released ClamAV versions 1.4.2 and 1.0.8 to safeguard their systems. Details…
-
Python administrator moves to improve software security
The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to identify and stop malware-laced packages from proliferating across the open-source community that contributes and consumes Python software. As previously reported, hijacking Python…
-
Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/23/web-cache-vulnerability-scanner-detecting-web-cache-poisoning/
-
Stratoshark: Wireshark for the cloud now available!
Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/22/stratoshark-wireshark-cloud/