Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Homebrew
Homebrew tightens tap security, begins work on its interface

Anyone who installs software through a third-party Homebrew tap runs Ruby code written by people outside the project, and that code runs without a sandbox. That risk sits at …

shield
The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects

Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live …

Microsoft AntiSSRF
Microsoft AntiSSRF open-source library helps block server-side request forgery

AntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It …

CI/CD Abuse Detector
Open-source CI/CD abuse detector guards against stolen credential attacks

CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, …

Proxmox
Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes

Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the …

Robot
X Square Robot open sources its robot-free data collection framework

Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot …

NOVA
NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure

BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The …

LiteLLM
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure …

DockSec
DockSec: Open-source AI-powered Docker security scanner

DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the …

AgentGG
AgentGG: Open-source agentic SAST scanner

Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG …

Agent Threat Rules
Agent Threat Rules: Open detection rule format for AI agent security threats

AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, …

Linux
KDE Linux security audit cuts kernel modules and unused packages

KDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools