GitHub

AI is drowning software maintainers in junk security reports

2026-05-18 at 21:32 by Zeljka Zorz

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s […]

Lyrie: Open-source autonomous pentesting agent

2026-05-18 at 09:42 by Sinisa Markovic

Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command-line tool and publishes the entire codebase. The project reached version […]

Microsoft’s WinUI agent plugin trims token use by over 70% during development

2026-05-14 at 18:25 by Sinisa Markovic

Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight […]

Vector embedding security gap exposes enterprise AI pipelines

2026-05-14 at 08:30 by Mirko Zorz

Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases […]

Rustinel: Open-source endpoint detection for Windows and Linux

2026-05-11 at 08:51 by Mirko Zorz

Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a […]

One keypress is all it takes to compromise four AI coding tools

2026-05-08 at 01:14 by Mirko Zorz

Developers clone unfamiliar repositories all the time: open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you […]

Pipelock: Open-source AI agent firewall

2026-05-04 at 09:46 by Mirko Zorz

AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under […]
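The failure mode described above, one tool call carrying an environment secret to a non-allowlisted host, is what an agent egress filter has to stop. The check below is an added example written for this page, not Pipelock's code. It assumes a hypothetical harness that hands each outbound HTTP tool call to `check_tool_call(url, body, env)` before the request leaves the host; the allowlist, the secret-variable name hints and the test environment are all constructed for the example.

```python
"""Egress check for AI-agent tool calls (added example, not Pipelock's code).

Two policies are enforced on every outbound HTTP tool call:
  1. the destination host must be on an explicit allowlist, and
  2. the URL or body must not contain any value of an environment
     variable whose name looks like a secret, in raw, base64,
     URL-encoded or hex form (the disguises an exfiltrating call
     is most likely to use).
"""
import base64
import os
import urllib.parse
from dataclasses import dataclass

# Constructed allowlist: the harness operator would maintain this.
ALLOWED_HOSTS = {"api.github.com", "pypi.org"}
# Heuristic name hints for which env vars hold secrets (an assumption).
SECRET_VAR_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")
# Ignore very short values so a common substring cannot trip the check.
MIN_SECRET_LEN = 8


@dataclass
class Verdict:
    allowed: bool
    reason: str


def secret_values(env):
    """Every non-empty value of an env var whose name looks secret."""
    return {v for k, v in env.items()
            if v and any(h in k.upper() for h in SECRET_VAR_HINTS)}


def encodings(value):
    """Forms in which a leaked secret might appear in a request."""
    raw = value.encode()
    return {
        value,
        base64.b64encode(raw).decode(),
        base64.urlsafe_b64encode(raw).decode().rstrip("="),
        urllib.parse.quote(value, safe=""),
        raw.hex(),
    }


def check_tool_call(url, body, env=None):
    """Decide whether an outbound tool call may proceed."""
    env = os.environ if env is None else env
    # hostname is the exact registered host; "api.github.com.evil.example"
    # is a different host and is therefore rejected by the allowlist.
    host = (urllib.parse.urlsplit(url).hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return Verdict(False, f"destination {host!r} not in allowlist")
    haystack = url + "\n" + body
    for secret in secret_values(env):
        for form in encodings(secret):
            if len(form) >= MIN_SECRET_LEN and form in haystack:
                # Never echo the secret itself into the log line.
                return Verdict(False, "request carries a secret value (redacted)")
    return Verdict(True, "ok")


if __name__ == "__main__":
    # Constructed environment and calls for a local run.
    demo_env = {"GITHUB_TOKEN": "ghp_constructedexampletoken123", "HOME": "/home/dev"}
    print(check_tool_call("https://api.github.com/user", "", demo_env))
    print(check_tool_call("https://collect.example.net/p", "", demo_env))
    print(check_tool_call("https://api.github.com/gists",
                          '{"c":"ghp_constructedexampletoken123"}', demo_env))
```

The allowlist is matched on the parsed hostname, not on a string prefix, so look-alike hosts such as `api.github.com.attacker.example` are rejected; the secret scan deliberately returns a redacted reason so the firewall's own log does not become a second leak.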

Brush shell 0.4.0 tightens script safety, widens platform support

2026-05-04 at 09:16 by Sinisa Markovic

Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version 0.4.0 brings […]

Open-source privacy proxy masks PII before prompts reach external AI services

2026-05-01 at 11:49 by Sinisa Markovic

Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an […]

Cisco releases open-source toolkit for verifying AI model lineage

2026-04-30 at 16:02 by Mirko Zorz

Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026 […]

25 open-source cybersecurity tools that don’t care about your budget

2026-04-27 at 10:30 by Anamarija Pogorelec

Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond […]

OpenAI tackles a bad habit people have when interacting with AI

2026-04-23 at 12:17 by Sinisa Markovic

Since people tend to paste personal data into AI tools such as ChatGPT, OpenAI has released Privacy Filter, an open-weight model designed to detect and redact personally identifiable information (PII) in text. The model is available under the […]

Scenario: Open-source framework for automated AI app red-teaming

2026-04-23 at 09:47 by Mirko Zorz

Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents using […]

PentAGI: Open-source autonomous AI penetration testing system

2026-04-22 at 10:09 by Anamarija Pogorelec

Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and […]

SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines

2026-04-20 at 09:14 by Mirko Zorz

Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment.

What the tool does

SmokedMeat takes a flagged […]

GitHub lays out copyright liability changes and upcoming DMCA review for developers

2026-04-16 at 10:31 by Mirko Zorz

A U.S. Supreme Court ruling issued in March has settled a question that has circulated among platform operators and developers for years: whether a service provider can be held liable for copyright infringement committed by its users […]

Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

2026-04-15 at 08:18 by Anamarija Pogorelec

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning […]

ZeroID: Open-source identity platform for autonomous AI agents

2026-04-13 at 09:02 by Mirko Zorz

ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems.

The attribution problem

The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to carry […]

Asqav: Open-source SDK for AI agent governance

2026-04-09 at 08:27 by Mirko Zorz

AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each agent action […]
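A signature on each action is only half of an audit record: without an ordering commitment, an entry can be silently dropped or reordered and every remaining signature still verifies. The ledger below is an added example for this page, not Asqav's code or API. It assumes each agent holds a per-agent secret key delivered out of band (a constructed key here), uses HMAC-SHA256 from the standard library in place of a public-key signature, and chains every entry to the previous entry's tag so that edits, deletions and reordering are all detectable by a verifier holding the same key.

```python
"""Signed, hash-chained record of agent actions (added example, not Asqav's code).

Each entry commits to the agent id, a sequence number, the previous
entry's tag and the action itself; the tag is an HMAC-SHA256 over the
canonical JSON of those fields under a per-agent key (a constructed
stand-in for a real signature key).
"""
import hashlib
import hmac
import json

# Tag of the "entry before the first one"; anchors the chain.
GENESIS = "0" * 64


def canonical(entry):
    """Stable serialization so signer and verifier MAC identical bytes."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def sign_action(key, agent_id, seq, prev_tag, action):
    """Build one ledger entry and attach its tag."""
    body = {"agent": agent_id, "seq": seq, "prev": prev_tag, "action": action}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class ActionLedger:
    """Append-only list of signed, chained actions for one agent."""

    def __init__(self, key, agent_id):
        self._key = key
        self.agent_id = agent_id
        self.entries = []

    def record(self, action):
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        entry = sign_action(self._key, self.agent_id, len(self.entries), prev, action)
        self.entries.append(entry)
        return entry


def verify_ledger(key, entries):
    """Return (True, None) if the chain is intact, else (False, index_of_first_bad_entry).

    An entry is bad if its sequence number is out of order, its prev field
    does not match the previous tag, or its tag does not verify under key.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "tag"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if (e.get("seq") != i or e.get("prev") != prev
                or not hmac.compare_digest(expected, e.get("tag", ""))):
            return False, i
        prev = e["tag"]
    return True, None


if __name__ == "__main__":
    # Constructed key and actions for a local run.
    key = b"constructed-test-key-do-not-use"
    ledger = ActionLedger(key, "agent-7")
    ledger.record({"tool": "shell", "cmd": "ls -la"})
    ledger.record({"tool": "http", "url": "https://api.github.com/user"})
    print(verify_ledger(key, ledger.entries))
    # Dropping the first entry breaks the sequence check at index 0.
    print(verify_ledger(key, ledger.entries[1:]))
```

With a real deployment the HMAC would be replaced by a per-agent asymmetric signature so the verifier does not need the signing key; the chaining logic is unchanged. The orchestrator/sub-agent attribution question raised in the ZeroID item above is the same problem seen from the identity side: the `agent` field is only as trustworthy as the key that produced the tag.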

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure

2026-04-09 at 08:27 by Sinisa Markovic

Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard […]
