![GitHub](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/18100102/github-3-1500-400x200.webp)
Researchers expose GitHub Actions workflows as risky and exploitable
GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions …
![GitHub](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/24161318/github-ghost-400x200.webp)
Network of ghost GitHub accounts successfully distributes malware
Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and …
![Infisical](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/11091752/infisical-1500-color-400x200.webp)
Infisical: Open-source secret management platform
Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while …
![Shuffle Automation](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/10135440/shuffle_automation-1500-400x200.webp)
Shuffle Automation: Open-source security automation platform
Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. …
![Grype](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/06152010/grype-scanner-1500-400x200.webp)
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) …
![SubSnipe](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/07154904/subsnipe-1500-400x200.webp)
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than …
![GitHub](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/21124934/github-door-1500-400x200.webp)
Most GitHub Actions workflows are insecure in some way
Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose …
![Realm](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/06152013/realm-1500-400x200.webp)
Realm: Open-source adversary emulation framework
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm …
![BunkerWeb](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/06152006/bunkerweb-open_source-waf-400x200.webp)
BunkerWeb: Open-source Web Application Firewall (WAF)
BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable by a third party and …
![Monocle](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/01211022/monocle-llm-1500-400x200.webp)
Monocle: Open-source LLM for binary analysis search
Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a …
![Secator](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/24212032/secator-1500-400x200.webp)
Secator: Open-source pentesting Swiss army knife
Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of …
![Portainer](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/21125740/portainer_docker_kubernetes-1500-400x200.webp)
Portainer: Open-source Docker and Kubernetes management
Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Docker, Swarm, Kubernetes, …