open source
XMGoat: Open-source pentesting tool for Azure
XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within …
Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …
Acra: Open-source database protection with field-level encryption and intrusion detection
Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
Dependency Combobulator: Open source toolkit to combat dependency confusion attacks
Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
Regulation fatigue: A challenge to shift processes left
Recent high-profile supply chain attacks have heightened the need for increased regulation of the open-source community. In the U.S., for example, President Biden’s …
Popular npm package hijacked, modified to deliver cryptominers
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …
ThreatMapper: Open source platform for scanning runtime environments
Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, …
KuberLogic open-source platform turns infrastructure into a managed PaaS
CloudLinux launched a new open-core project – KuberLogic – software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on …
Apache OpenOffice users should upgrade to newest security release!
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed …
Securing Kubernetes as it becomes mainstream
In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes (K8s) systems, what makes them susceptible to cyberattacks and what should …
Featured news
Sponsored
Don't miss
- US exposes scheme enabling North Korean IT workers to bypass sanctions
- The importance of access controls in incident response
- Organizations struggle to defend against ransomware
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)