open source
How to address the ongoing risk of Log4j exploitation and prepare for the future
“Vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer,” the Cyber Safety Review Board (CSRB) has concluded. …
Boards, CEOs demand software supply chain security improvements
Venafi announced the findings of a global study of 1,000 CIOs, in which 82% say their organizations are vulnerable to cyberattacks targeting software supply chains. The shift …
How to eliminate the weak link in public cloud-based multi-party computation
Secure multi-party computation (MPC) has seen steady evolution to tackle many scientific challenges. These include enabling the creation and tuning of AI or machine learning …
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform. Cosmetic changes Kali Linux 2022.2 …
A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a …
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …
Principles for Kubernetes security and good hygiene
Traditional methods of software security are not a good fit for Kubernetes: a renewed set of security implementations are required to make it less vulnerable. What’s …
Ubuntu 22.04 LTS released, delivers enterprise-grade security
Canonical Ubuntu 22.04 LTS is now generally available, featuring significant leaps forward in cloud confidential computing, real-time kernel for industrial applications, and …
The state of open-source software supply chain security in 2022
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022. Open source is the modern …
Challenges development teams face when building applications with open source
Tidelift released a report providing critical insights into the state and practice of open source software supply chain management. This comprehensive study of nearly 700 …
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
Featured news
Resources
Don't miss
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
- Threat actors are scanning your environment, even if you’re not
- GoSearch: Open-source OSINT tool for uncovering digital footprints
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- Top must-visit companies at RSAC 2025