Tag: open-source
-
PortGPT: How researchers taught an AI to backport security patches automatically
Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/portgpt-ai-backport-security-patches-automatically/
-
VulnRisk: Open-source vulnerability risk assessment platform
VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
-
VulnRisk: Open-source vulnerability risk assessment platform
VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
-
VulnRisk: Open-source vulnerability risk assessment platform
VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
-
NDSS 2025 The Philosopher’s Stone: Trojaning Plugins Of Large Language Models
Tags: attack, conference, control, data, defense, exploit, LLM, malicious, malware, network, open-source, phishing, spear-phishingSESSION Session 2A: LLM Security Authors, Creators & Presenters: Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO’s Data61), Guoxing Chen (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Yan Meng (Shanghai Jiao Tong University), Shaofeng Li (Southeast University), Zhen Liu (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University) PAPER The Philosopher’s Stone:…
-
Ransomware Defense Using the Wazuh Open Source Platform
Tags: access, attack, computer, cyberattack, data, defense, infrastructure, malicious, malware, open-source, ransom, ransomware, software, threatRansomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide.A ransomware attack typically begins when the malware infiltrates a system through various vectors…
-
Fake Solidity VSCode extension on Open VSX backdoors developers
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-solidity-vscode-extension-on-open-vsx-backdoors-developers/
-
OpenAIs Aardvark soll Fehler im Code erkennen und beheben
Tags: ai, ceo, chatgpt, cve, cyberattack, LLM, open-source, openai, risk, software, supply-chain, tool, update, vulnerabilityKI soll das Thema Sicherheit frühzeitig in den Development-Prozess miteinbeziehen.OpenAI hat Aardvark vorgestellt, einen autonomen Agenten auf Basis von GPT-5. Er soll wie ein menschlicher Sicherheitsforscher in der Lage sein, Code zu scannen, zu verstehen und zu patchen.Im Gegensatz zu herkömmlichen Scannern, die verdächtigen Code mechanisch markieren, versucht Aardvark zu analysieren, wie und warum sich…
-
Heisenberg: Open-source software supply chain health check tool
Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/heisenberg-open-source-software-supply-chain-health-check-tool/
-
Heisenberg: Open-source software supply chain health check tool
Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/heisenberg-open-source-software-supply-chain-health-check-tool/
-
Lightweight Open Source Identity Management Solutions for Home Labs
Discover lightweight, open-source identity management solutions perfect for securing your home lab. Compare Authelia, Authentik, and other tools to find the right fit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/lightweight-open-source-identity-management-solutions-for-home-labs/
-
Lightweight Open Source Identity Management Solutions for Home Labs
Discover lightweight, open-source identity management solutions perfect for securing your home lab. Compare Authelia, Authentik, and other tools to find the right fit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/lightweight-open-source-identity-management-solutions-for-home-labs/
-
Chainguard Banks $280M for Global Open-Source Security Play
Non-Dilutive Funding From General Catalyst Supports Global Go-to-Market Push. Backed by $280 million in growth financing from General Catalyst, Chainguard plans to scale global go-to-market efforts and invest in its open source security platform. The non-dilutive funding structure allows for targeted investment based on customer acquisition. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chainguard-banks-280m-for-global-open-source-security-play-a-29909
-
AdaptixC2: When Open-Source Tools Become Weapons
Cybercriminals are turning AdaptixC2, an open-source security tool, into a weapon for ransomware attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/adaptixc2-when-open-source-tools-become-weapons/
-
European governments opt for open source alternatives to Big Tech encrypted communications
European governments are rolling out decentralised secure messaging and collaboration services as they seek to reduce their reliance on Big Tech companies First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633894/European-governments-opt-for-open-source-alternatives-to-Big-Tech-encrypted-communications
-
OpenAI launches Aardvark to detect and patch hidden bugs in code
Tags: ai, attack, cve, flaw, framework, LLM, open-source, openai, software, supply-chain, update, vulnerabilitySecuring open source and shifting security left: Aardvark’s role extends beyond enterprise environments. OpenAI has already deployed it across open-source repositories, where it claims to have discovered multiple real-world vulnerabilities, ten of which have received official CVE identifiers. The LLM giant said it plans to provide pro-bono scanning for selected non-commercial open-source projects, under a…
-
OpenAI launches Aardvark to detect and patch hidden bugs in code
Tags: ai, attack, cve, flaw, framework, LLM, open-source, openai, software, supply-chain, update, vulnerabilitySecuring open source and shifting security left: Aardvark’s role extends beyond enterprise environments. OpenAI has already deployed it across open-source repositories, where it claims to have discovered multiple real-world vulnerabilities, ten of which have received official CVE identifiers. The LLM giant said it plans to provide pro-bono scanning for selected non-commercial open-source projects, under a…
-
The unified linkage model: A new lens for understanding cyber risk
Tags: access, api, attack, breach, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, defense, exploit, flaw, framework, identity, incident response, infrastructure, intelligence, malicious, mitre, network, nist, okta, open-source, radius, resilience, risk, risk-analysis, saas, sbom, software, supply-chain, threat, update, vpn, vulnerability, zero-day, zero-trustMissed systemic risk: Organizations secure individual components but miss how vulnerabilities propagate through dependencies (e.g., Log4j embedded in third-party apps).Ineffective prioritization: Without a linkage structure, teams patch high-severity CVEs on isolated systems while leaving lower-scored flaws on critical trust pathways.Slow incident response: When a zero-day emerges, teams scramble to locate vulnerable components. Without pre-existing linkage…
-
Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads
Tags: control, cyber, cyberattack, cybercrime, exploit, framework, hacking, intelligence, malicious, open-source, russia, threat, toolThreat intelligence researchers have uncovered a growing campaign where cybercriminals are weaponizing AdaptixC2, a legitimate open-source Command and Control framework designed for authorized penetration testers. The discovery reveals how threat actors are exploiting ethical hacking tools to conduct sophisticated cyberattacks, with significant ties linking the framework’s development to Russian criminal networks. Silent Push threat analysts…
-
Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads
Tags: control, cyber, cyberattack, cybercrime, exploit, framework, hacking, intelligence, malicious, open-source, russia, threat, toolThreat intelligence researchers have uncovered a growing campaign where cybercriminals are weaponizing AdaptixC2, a legitimate open-source Command and Control framework designed for authorized penetration testers. The discovery reveals how threat actors are exploiting ethical hacking tools to conduct sophisticated cyberattacks, with significant ties linking the framework’s development to Russian criminal networks. Silent Push threat analysts…
-
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft’s…
-
Malicious packages in npm evade dependency detection through invisible URL links: Report
Tags: ai, application-security, attack, control, detection, edr, endpoint, exploit, flaw, github, governance, hacker, malicious, malware, microsoft, open-source, programming, service, software, supply-chain, threat, tool, trainingCampaign also exploits AI: The names of packages uploaded to npm aren’t typosquats of common packages, a popular tactic of threat actors. Instead the hackers exploit AI hallucinations. When developers ask AI assistants for package recommendations, the chatbots sometimes suggest plausible-sounding names that are close to those of legitimate packages, but that don’t actually exist.…
-
OpenAI releases ‘Aardvark’ security and patching model
The model, currently in beta mode, is designed to automatically scan, analyze and patch vulnerabilities in private and open-source code bases. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-aardvark-security-and-patching-model-beta/
-
OpenAI releases ‘Aardvark’ security and patching model
The model, currently in beta mode, is designed to automatically scan, analyze and patch vulnerabilities in private and open-source code bases. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-aardvark-security-and-patching-model-beta/
-
OpenAI releases ‘Aardvark’ security and patching model
The model, currently in beta mode, is designed to automatically scan, analyze and patch vulnerabilities in private and open-source code bases. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-aardvark-security-and-patching-model-beta/