GitHub

Evilginx: Open-source man-in-the-middle attack framework

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Evilginx: Open-source man-in-the-middle attack framework 2024-12-23 at 07:37 By Mirko Zorz Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized this technique could effectively […]

React to this headline:

Loading spinner

Evilginx: Open-source man-in-the-middle attack framework Read More »

Vanir: Open-source security patch validation for Android

Android, Don't miss, GitHub, Google, Hot stuff, News, open source, patch, software /

Vanir: Open-source security patch validation for Android 2024-12-18 at 06:34 By Help Net Security Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem. Vanir uses source-code-based

React to this headline:

Loading spinner

Vanir: Open-source security patch validation for Android Read More »

MUT-1244 targeting security researchers, red teamers, and threat actors

Checkmarx, cryptojacking, data theft, Datadog, Don't miss, GitHub, Hot stuff, News, phishing, WordPress /

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has

React to this headline:

Loading spinner

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Trapster Community: Open-source, low-interaction honeypot

Don't miss, GitHub, honeypots, News, open source, software /

Trapster Community: Open-source, low-interaction honeypot 2024-12-16 at 06:33 By Mirko Zorz Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. “Our reengineered approach leverages the asyncio library, breaking away from the norm of Twisted, to

React to this headline:

Loading spinner

Trapster Community: Open-source, low-interaction honeypot Read More »

FuzzyAI: Open-source tool for automated LLM fuzzing

CyberArk, Don't miss, GitHub, News, open source, software /

FuzzyAI: Open-source tool for automated LLM fuzzing 2024-12-13 at 07:36 By Help Net Security FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and harmful output generation. FuzzyAI offers organizations a systematic approach to testing AI models against various adversarial inputs,

React to this headline:

Loading spinner

FuzzyAI: Open-source tool for automated LLM fuzzing Read More »

Keycloak: Open-source identity and access management

access management, Don't miss, GitHub, Hot stuff, identity management, News, open source, software /

Keycloak: Open-source identity and access management 2024-12-12 at 06:04 By Help Net Security Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML. Single Sign-On: Users authenticate through Keycloak

React to this headline:

Loading spinner

Keycloak: Open-source identity and access management Read More »

Neosync: Open-source data anonymization, synthetic data orchestration

anonymity, Don't miss, GitHub, News, open source, Privacy, software /

Neosync: Open-source data anonymization, synthetic data orchestration 2024-12-10 at 06:37 By Help Net Security Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging. What you can do with Neosync Safely test code with production data: Anonymize sensitive production data to safely use it

React to this headline:

Loading spinner

Neosync: Open-source data anonymization, synthetic data orchestration Read More »

SafeLine: Open-source web application firewall (WAF)

Don't miss, firewall, GitHub, Hot stuff, News, open source, software, web application security /

SafeLine: Open-source web application firewall (WAF) 2024-12-04 at 07:38 By Mirko Zorz SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web applications for small and medium-sized enterprises from cyber threats by monitoring and filtering HTTP/HTTPS traffic. More importantly, with the widespread

React to this headline:

Loading spinner

SafeLine: Open-source web application firewall (WAF) Read More »

The shocking speed of AWS key exploitation

automation, AWS, Clutch Security, credentials, Don't miss, GitHub, Hot stuff, News, security practices /

The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just

React to this headline:

Loading spinner

The shocking speed of AWS key exploitation Read More »

Data scientists create tool to spot fake images

GitHub, News, research, software /

Data scientists create tool to spot fake images 2024-12-02 at 06:02 By Help Net Security Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the human eye. It can identify subtle differences in images with greater accuracy than

React to this headline:

Loading spinner

Data scientists create tool to spot fake images Read More »

Cybercriminals used a gaming engine to create undetectable malware loader

Check Point, Don't miss, GitHub, Hot stuff, Linux, macOS, Malware, malware detection, News, software development, Windows /

Cybercriminals used a gaming engine to create undetectable malware loader 2024-11-27 at 20:33 By Zeljka Zorz Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed

React to this headline:

Loading spinner

Cybercriminals used a gaming engine to create undetectable malware loader Read More »

Hottest cybersecurity open-source tools of the month: November 2024

cybersecurity, Don't miss, GitHub, News, open source, software /

Hottest cybersecurity open-source tools of the month: November 2024 2024-11-27 at 06:03 By Help Net Security This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations

React to this headline:

Loading spinner

Hottest cybersecurity open-source tools of the month: November 2024 Read More »

Deploy a SOC using Kali Linux in AWS

AWS, cybersecurity, GitHub, Kali Linux, News, open source, SOC, Terraform /

Deploy a SOC using Kali Linux in AWS 2024-11-25 at 07:04 By Mirko Zorz The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities. This environment is ideal for honing skills in security operations, threat detection, incident response, and

React to this headline:

Loading spinner

Deploy a SOC using Kali Linux in AWS Read More »

AxoSyslog: Open-source scalable security data processor

cybersecurity, Don't miss, GitHub, News, open source, software /

AxoSyslog: Open-source scalable security data processor 2024-11-21 at 08:52 By Mirko Zorz AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more cloud-ready: we packaged syslog-ng in a container, added helm charts, and made it more suitable for use

React to this headline:

Loading spinner

AxoSyslog: Open-source scalable security data processor Read More »

GitHub Secure Open Source Fund: Project maintainers, apply now!

Don't miss, education, GitHub, Hot stuff, News, open source, software development /

GitHub Secure Open Source Fund: Project maintainers, apply now! 2024-11-20 at 15:42 By Zeljka Zorz GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx

React to this headline:

Loading spinner

GitHub Secure Open Source Fund: Project maintainers, apply now! Read More »

Open-source and free Android password managers that prioritize your privacy

authentication, cybersecurity, Don't miss, GitHub, News, open source, password manager, passwords, software /

Open-source and free Android password managers that prioritize your privacy 2024-11-19 at 06:47 By Anamarija Pogorelec We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so

React to this headline:

Loading spinner

Open-source and free Android password managers that prioritize your privacy Read More »

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

CISA, Don't miss, GitHub, Hot stuff, News, open source /

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help

React to this headline:

Loading spinner

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »

GoIssue phishing tool targets GitHub developer credentials

cybercrime, GitHub, News, phishing /

GoIssue phishing tool targets GitHub developer credentials 2024-11-13 at 15:49 By Mirko Zorz Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks. Marketed on a cybercrime forum, GoIssue allows attackers to send bulk emails while keeping their identity hidden using proxies.

React to this headline:

Loading spinner

GoIssue phishing tool targets GitHub developer credentials Read More »

Powerpipe: Open-source dashboards for DevOps

DevOps, Don't miss, GitHub, Hot stuff, News, open source, software /

Powerpipe: Open-source dashboards for DevOps 2024-11-12 at 07:03 By Help Net Security Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level dashboards offer an

React to this headline:

Loading spinner

Powerpipe: Open-source dashboards for DevOps Read More »

Am I Isolated: Open-source container security benchmark

containers, Don't miss, Edera, GitHub, Hot stuff, Kubernetes, News, open source, software /

Am I Isolated: Open-source container security benchmark 2024-11-08 at 07:30 By Mirko Zorz Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’

React to this headline:

Loading spinner

Am I Isolated: Open-source container security benchmark Read More »

Scroll to Top