Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
GitGuardian announced the results of its report which extends its previous edition focused on public GitHub by depicting a realistic view of the state of secrets sprawl in …
Contrast Security announced its partnership with GitHub and the availability of its suite of GitHub Actions, simplifying the process for developers to ensure the code they …
GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was …
For parents and families, the thought of someone gaining access to sensitive information can be nothing short of a nightmare. However, one group of developers are on a mission …
XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within …
Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …
Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for …
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …
Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, …