open source
cert-manager: Automatically provision and manage TLS certificates in Kubernetes
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies the process of obtaining, renewing, and using those …
Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)
A freshly fixed vulnerability (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days, worrying it could …
Secure portable operating system Tails 5.5 released
Tails, based on Debian GNU/Linux, is a portable operating system that protects against surveillance and censorship, and version 5.5 is now available for download. When …
CISA releases RedEye open-source analytic tool
CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye, available on GitHub, allows an …
New security concerns for the open-source software supply chain
Open-source software is a critical element of the software supply chain in companies of all sizes, but there are new security concerns for the open-source software supply …
Constellation: Open-source, runtime-encrypted Kubernetes
Confidential Computing is a hardware-based technology that shields computer workloads from their environments and keeps data encrypted during processing. In this Help Net …
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …
Dissect: Open-source framework for collecting, analyzing forensic data
A game changer in cyber incident response, the Dissect framework enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT …
When transparency is also obscurity: The conundrum that is open-source security
Open-source software (OSS) has a lot of advocates. After all, why would we continuously try and write code that solves problems that others have already solved? Why not share …
SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast …
The holy trifecta for developing a secure API
It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks …
Wolfi Linux provides the control needed to fix modern supply chain threats
There’s been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left …
Featured news
Resources
Don't miss
- Signal blocks Microsoft Recall from screenshotting conversations
- The hidden gaps in your asset inventory, and how to close them
- CTM360 report: Ransomware exploits trust more than tech
- Lumma Stealer Malware-as-a-Service operation disrupted
- Data-stealing VS Code extensions removed from official Marketplace