Please turn on your JavaScript for this page to function normally.
CasaOS
CasaOS: Open-source home cloud based on the Docker ecosystem

For parents and families, the thought of someone gaining access to sensitive information can be nothing short of a nightmare. However, one group of developers are on a mission …

Log4j
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

Kali Linux 2021.4
Kali Linux 2021.4 released: Wider Samba compatibility, The Social-Engineer Toolkit, new tools, and more!

Offensive Security released Kali Linux 2021.4, which comes with a number of improvements: wider Samba compatibility, switching package manager mirrors, enhanced Apple M1 …

xmgoat
XMGoat: Open-source pentesting tool for Azure

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within …

Kafdrop
Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …

Acra
Acra: Open-source database protection with field-level encryption and intrusion detection

Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for …

python pi
Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …

Dependency Combobulator
Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …

Hand
Trojan Source bugs may lead to extensive supply-chain attacks on source code

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

cube
Regulation fatigue: A challenge to shift processes left

Recent high-profile supply chain attacks have heightened the need for increased regulation of the open-source community. In the U.S., for example, President Biden’s …

UA-Parser-js
Popular npm package hijacked, modified to deliver cryptominers

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

ThreatMapper
ThreatMapper: Open source platform for scanning runtime environments

Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, …

Don't miss

Cybersecurity news