Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
PyRIT
PyRIT: Open-source framework to find risks in generative AI systems

Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks …

Vigil LLM security scanner
Vigil: Open-source LLM security scanner

Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when …

Google package
Google delivers secure open source software packages

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev …

Python
A closer look at malicious packages targeting Python developers

In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique …

Python
Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in …

Phishing PyPI users: Attackers compromise legitimate projects to push malware

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …

AWS keys
Python packages with malicious code expose secret AWS credentials

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …

package
Hijacking of popular ctx and phpass packages reveals open source security gaps

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …

snake, threat
Attackers employ novel methods to backdoor French organizations

An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the …

python pi
Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …

Hand
Trojan Source bugs may lead to extensive supply-chain attacks on source code

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

Software
Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

Panther Labs announced Panther for AWS security, a security logging solution designed for AWS security teams. Now, AWS security teams will have a single platform for …

Don't miss

Cybersecurity news