Fake npm 2FA reset email led to compromise of popular code packages
Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. …
InterceptSuite: Open-source network traffic interception tool
InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level. …
BruteForceAI: Free AI-powered login brute force tool
BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML …
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: …
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached …
LudusHound: Open-source tool brings BloodHound data to life
LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment …
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place …
Obot MCP Gateway: Open-source platform to securely manage the adoption of MCP servers
Obot MCP Gateway is a free, open-source gateway that enables IT organizations to securely manage and scale adoption of Model Context Protocol (MCP) servers. MCPs are becoming …
EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations
EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security …
Concentric AI adds integrations to strengthen data security governance
Concentric AI announced new integrations that enhance the AI-driven capabilities of its Semantic Intelligence data security governance platform, expanding data governance …
BloodHound 8.0 debuts with major upgrades in attack path management
SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities. …
Open-source password recovery utility Hashcat 7.0.0 released
Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other …
Featured news
Resources
Don't miss
- Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
- 18 arrested in €300 million global credit card fraud scheme
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform