Tag: open-source
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-dayGenerative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
Cyberbro: Open-source tool extracts IoCs and checks their reputation
Cyberbro is an open-source application that extracts IoCs from garbage input and checks their reputation using multiple services. Cyberbro features Input handling: Paste raw … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/07/cyberbro-open-source-extract-iocs-check-reputation/
-
Nuclei Patches High Severity Flaw in Security Tool
Flaw Enabled Signature Bypassing on Nuclei ProjectDiscovery. Open-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/nuclei-patches-high-severity-flaw-in-security-tool-a-27224
-
Veracode Looks To Boost Security For Software Supply Chain With Acquisition Of Phylum
Veracode says its acquisition of software supply chain security startup Phylum will enhance its capabilities around protecting against malicious open-source code. First seen on crn.com Jump to article: www.crn.com/news/security/2025/veracode-looks-to-boost-security-for-software-supply-chain-with-acquisition-of-phylum
-
Open source vulnerability scanner found with a serious vulnerability in its own code
A widely popular open-source tool, Nuclei, used for scanning vulnerabilities and weaknesses in websites, cloud applications, and networks is found to have a high-severity flaw that could potentially allow attackers to execute malicious codes on local systems.The flaw tracked as CVE-2024-43405 is assigned a CVSS score of 7.4 out of 10 and is said to…
-
Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems.”By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, First seen…
-
DigiCert Open Sources Domain Control Validation Software
DigiCert has made available a Domain Control Validation (DCV) library under an open-source software license as part of a larger effort to enable certificate authorities (CAs) to reduce total costs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/digicert-open-sources-domain-control-validation-software/
-
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems.”By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, First seen…
-
Garak An Open Source LLM Vulnerability Scanner for AI Red-Teaming
Garak is a free, open-source tool specifically designed to test the robustness and reliability of Large Language Models (LLMs). Inspired by utilities like Nmap or Metasploit, Garak identifies potential weak points in LLMs by probing for issues such as hallucinations, data leakage, prompt injections, toxicity, jailbreak effectiveness, and misinformation propagation. This guide covers everything you…
-
Open-Source-Netzwerk Uneinigkeit über Schwere der Socat-Sicherheitslücke
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-open-source-tool-socat-cve-2024-54661-a-955df96f677fbd9ed78c849bddd27a66/
-
Balancing proprietary and open-source tools in cyber threat research
In this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/06/thomas-roccia-microsoft-threat-research/
-
Nuclei flaw allows signature bypass and code execution
A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei, could allow attackers to bypass signature checks and execute malicious code. The Wiz’s engineering team discovered the vulnerability. The vulnerability…
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Nuclei flaw lets malicious templates bypass signature verification
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nuclei-flaw-lets-malicious-templates-bypass-signature-verification/
-
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code.Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0.”The…
-
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems. First seen on hackread.com Jump to article: hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/
-
Nuklearunternehmen im Visier von Lazarus
Die APT-Gruppe Lazarus hat im Zuge ihrer ‘Operation DreamJob” eine raffinierte Kampagne initiiert, die gezielt Mitarbeiter einer Einrichtung aus dem Bereich der Nukleartechnik ins Visier nahm. In einem besonders ausgeklügelten Täuschungsmanöver tarnte die Gruppe eine neuartige modulare Schadsoftware namens ‘CookiePlus” als vermeintlich harmloses Open-Source-Plugin. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/nuklearunternehmen-im-visier-von-lazarus/
-
Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation
A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software’s creator and other security researchers. First seen on hackread.com Jump to article: hackread.com/fake-7-zip-exploit-code-ai-generated-misinterpretation/
-
TrueNAS CORE Vulnerability Let Attackers Execute Remote Code
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems. The vulnerability, CVE-2024-11944, allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. This discovery was presented during the renowned cybersecurity competitionPwn2Own. 2024…
-
Hottest cybersecurity open-source tools of the month: December 2024
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. SafeLine: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/31/hottest-cybersecurity-open-source-tools-of-the-month-december-2024/
-
An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip’s creator says is a fake
An X user using the handle @NSA_Employee39 disclosed a zero-day vulnerability in the open-source file archive software 7-Zip. A verified X account, @NSA_Employee39, claimed to disclose a zero-day vulnerability in the open-source file archive software 7-Zip. The X user announced it would be “dropping 0days all this week,” starting with an arbitrary code execution vulnerability…
-
reconFTW: Open-source reconnaissance automation
reconFTW is an open-source tool that simplifies and automates the reconnaissance process, delivering subdomain enumeration, vulnerability assessment, and gathering … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/30/reconftw-open-source-reconnaissance-automation/
-
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its extensive capabilities and ease of use. The availability of its latest version on an open-source…
-
TCP-, UDP-, und ICMP-Pakete als hilfreiche Info-Quellen für Admins – Open Source Pentesting: Hping3, tcpdump und ptunnel in der Praxis
First seen on security-insider.de Jump to article: www.security-insider.de/netzwerkanalyse-schwachstellensuche-hping3-tcpdump-ptunnel-a-e73ac407d905b15c6f349af0b1bfa4d7/
-
SvarDOS: DR-DOS is reborn as an open source operating system
A #DOScember surprise: fits on a single floppy, but has a network-capable package manager First seen on theregister.com Jump to article: www.theregister.com/2024/12/23/svardos_drdos_reborn/