open source
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
1 in 10 open source components downloaded in 2018 had a known security vulnerability
This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it …
OpenSSH adds protection against Spectre, Meltdown, RAMBleed
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow …
Offensive Security unveils Kali Linux roadmap
Offensive Security unveiled much of the 2019-2020 roadmap for the open source Kali Linux project, the most popular operating system used by penetration testers and ethical …
GitHub introduces Dependabot-powered automated security fixes
GitHub, the largest code-hosting site in the world, has announced many new features and changes at the 2019 GitHub Satellite conference that took place last week in Berlin. …
Open source security: The risk issue is unpatched software, not open source use
Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an …
Framing supply chain attacks
The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development …
Patched Apache flaw is a serious threat for web hosting providers
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via …
Meet the new generation of white hats
The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the …
NSA unveils Ghidra reverse engineering tool at RSA Conference 2019
The National Security Agency (NSA) has released Ghidra, a free and cross-platform software reverse engineering tool suite used internally by the intelligence agency. They are …
OSSPatcher: Automated mobile application patching for bugs in open source libraries
Researchers from the Georgia Tech and Peking University are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile …
Building security into cloud native apps with NGINX
Companies like Airbnb, Uber and DoorDash, which have a cloud-based software infrastructure as one of their main enablers, are disrupting the hospitality, transportation and …
Featured news
Resources
Don't miss
- NTLM relay attacks are back from the dead
- Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future
- Google open-sources privacy tech for age verification
- You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code
- Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)