After Shai-Hulud, GitHub tightens npm publishing security
Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js …
Malicious GitHub pages lure MacOS users into installing Atomic infostealer
MacOS users looking to download popular software such as LastPass, 1Password, After Effects, Gemini, and many others are in danger of getting saddled with the Atomic …
Cybersecurity AI (CAI): Open-source framework for AI security
Cybersecurity AI (CAI) is an open-source framework that helps security teams build and run AI-driven tools for offensive and defensive tasks. It’s designed for anyone working …
Rayhunter: EFF releases open-source tool to detect cellular spying
The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI …
GitHub adds post-quantum protection for SSH access
GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. …
Phishing campaign targets Rust developers
Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm …
Arkime: Open-source network analysis and packet capture system
Arkime is an open-source system for large-scale network analysis and packet capture. It works with your existing security tools to store and index network traffic in standard …
Garak: Open-source LLM vulnerability scanner
LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks …
Fake npm 2FA reset email led to compromise of popular code packages
Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. …
InterceptSuite: Open-source network traffic interception tool
InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level. …
BruteForceAI: Free AI-powered login brute force tool
BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML …
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: …
Featured news
Resources
Don't miss
- Social data puts user passwords at risk in unexpected ways
- New observational auditing framework takes aim at machine learning privacy leaks
- Why password management defines PCI DSS success
- Hottest cybersecurity open-source tools of the month: November 2025
- Gainsight breach: Salesforce details attack window, issues investigation guidance