Hottest cybersecurity open-source tools of the month: May 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across …
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton …
Vigolium: Open-source vulnerability scanner
Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project …
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new …
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer …
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed …
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration …
AI is drowning software maintainers in junk security reports
AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise …
Lyrie: Open-source autonomous pentesting agent
Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by …
Microsoft’s WinUI agent plugin trims token use by over 70% during development
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies …
Sandyaa: Open-source autonomous security bug hunter
Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source …
Featured news
Resources
Don't miss
- Attackers are exploiting FortiSandbox vulnerabilities
- SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad