Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across …
GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: …
Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. …
ELITEWOLF: NSA’s repository of signatures and analytics to secure OT
Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has …
DIY attack surface management: Simple, cost-effective and actionable perimeter insights
Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being …
Yeti: Open, distributed, threat intelligence repository
Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as …
GNOME users at risk of RCE attack (CVE-2023-43641)
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …
Chalk: Open-source software security and infrastructure visibility tool
Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into …
Securing GitHub Actions for a safer DevOps pipeline
GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to …
Network Flight Simulator: Open-source adversary simulation tool
Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool …
BinDiff: Open-source comparison tool for binary files
BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. It was made open source today. With BinDiff, you can identify and …
LLM Guard: Open-source toolkit for securing Large Language Models
LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It …
Featured news
Resources
Don't miss
- Gainsight breach: Salesforce details attack window, issues investigation guidance
- New “HashJack” attack can hijack AI browsers and assistants
- Heineken CISO champions a new risk mindset to unlock innovation
- Small language models step into the fight against phishing sites
- Black Friday 2025 for InfoSec: How to spot real value and avoid the noise