open source - Security Ticks

Open source has a malware problem, and it’s getting worse

cybersecurity, Don't miss, Malware, News, open source, PyPI, report, Sonatype / SecurityTicks

Open source has a malware problem, and it’s getting worse 2025-07-10 at 08:27 By Help Net Security Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. […]

React to this headline:

Open source has a malware problem, and it’s getting worse Read More »

Kanvas: Open-source incident response case management tool

cybersecurity, Don't miss, GitHub, Hot stuff, Incident Response, MITRE, News, open source, software, WithSecure / SecurityTicks

Kanvas: Open-source incident response case management tool 2025-07-09 at 07:31 By Mirko Zorz Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different

React to this headline:

Kanvas: Open-source incident response case management tool Read More »

ParrotOS 6.4 lands with key tool updates and kernel upgrade

Linux, News, open source, software / SecurityTicks

ParrotOS 6.4 lands with key tool updates and kernel upgrade 2025-07-08 at 11:32 By Anamarija Pogorelec ParrotOS, known for its emphasis on security, privacy, and development, is widely used by cybersecurity professionals and enthusiasts alike. Version 6.4 delivers a host of updates and community-driven enhancements. The update is expected to be the final release in

React to this headline:

ParrotOS 6.4 lands with key tool updates and kernel upgrade Read More »

Aegis Authenticator: Free, open-source 2FA app for Android

2FA, Android, authentication, Don't miss, GitHub, News, open source, software / SecurityTicks

Aegis Authenticator: Free, open-source 2FA app for Android 2025-07-07 at 08:34 By Help Net Security Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to back up your data. It supports both HOTP and TOTP, so it

React to this headline:

Aegis Authenticator: Free, open-source 2FA app for Android Read More »

Google open-sources privacy tech for age verification

cybersecurity, Don't miss, GitHub, Google, identity verification, News, open source, Privacy / SecurityTicks

Google open-sources privacy tech for age verification 2025-07-03 at 18:47 By Sinisa Markovic Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic solution that

React to this headline:

Google open-sources privacy tech for age verification Read More »

GitPhish: Open-source GitHub device code flow security assessment tool

Don't miss, GitHub, News, open source, Praetorian, red team, software / SecurityTicks

GitPhish: Open-source GitHub device code flow security assessment tool 2025-07-03 at 09:30 By Help Net Security GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a

React to this headline:

GitPhish: Open-source GitHub device code flow security assessment tool Read More »

Secretless Broker: Open-source tool connects apps securely without passwords or keys

CyberArk, Don't miss, GitHub, News, open source, software / SecurityTicks

Secretless Broker: Open-source tool connects apps securely without passwords or keys 2025-07-02 at 08:01 By Mirko Zorz Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services, SSH endpoints, or other TCP-based systems. Secretless Broker features “We created Secretless Broker

React to this headline:

Secretless Broker: Open-source tool connects apps securely without passwords or keys Read More »

RIFT: New open-source tool from Microsoft helps analyze Rust malware

code analysis, Don't miss, GitHub, Malware, Microsoft, News, open source, rust / SecurityTicks

RIFT: New open-source tool from Microsoft helps analyze Rust malware 2025-06-30 at 13:01 By Mirko Zorz Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware

React to this headline:

RIFT: New open-source tool from Microsoft helps analyze Rust malware Read More »

Vulnerability Exposed All Open VSX Repositories to Takeover

Account Takeover, open source, Open VSX, Vulnerabilities, vulnerability / SecurityTicks

Vulnerability Exposed All Open VSX Repositories to Takeover 2025-06-27 at 11:47 By Ionut Arghire A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Vulnerability Exposed All Open VSX Repositories to Takeover Read More »

Google’s Gemini CLI brings open-source AI agents to developers

Artificial Intelligence, generative AI, GitHub, Google, News, open source / SecurityTicks

Google’s Gemini CLI brings open-source AI agents to developers 2025-06-26 at 10:01 By Anamarija Pogorelec Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named Gemini CLI,

React to this headline:

Google’s Gemini CLI brings open-source AI agents to developers Read More »

Kanister: Open-source data protection workflow management tool

Cloud Native Computing Foundation, Data Protection, Don't miss, GitHub, Kubernetes, News, open source, software / SecurityTicks

Kanister: Open-source data protection workflow management tool 2025-06-26 at 08:04 By Help Net Security Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to

React to this headline:

Kanister: Open-source data protection workflow management tool Read More »

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Don't miss, Hot stuff, News, open source, PoC, vulnerability / SecurityTicks

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) 2025-06-26 at 00:15 By Zeljka Zorz A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

React to this headline:

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) Read More »

Reconmap: Open-source vulnerability assessment, pentesting management platform

Don't miss, GitHub, News, open source, reconnaissance, software / SecurityTicks

Reconmap: Open-source vulnerability assessment, pentesting management platform 2025-06-24 at 08:03 By Help Net Security Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work together,

React to this headline:

Reconmap: Open-source vulnerability assessment, pentesting management platform Read More »

Amazon Linux 2023 achieves FIPS 140-3 validation

Amazon, Linux, News, open source / SecurityTicks

Amazon Linux 2023 achieves FIPS 140-3 validation 2025-06-20 at 10:52 By Help Net Security Amazon Linux 2023 (AL2023) has earned FIPS 140-3 Level 1 validation for several of its cryptographic modules. This means it’s now approved for use in systems that need to meet U.S. and Canadian government standards for encryption. FIPS (Federal Information Processing

React to this headline:

Amazon Linux 2023 achieves FIPS 140-3 validation Read More »

35 open-source security tools to power your red team, SOC, and cloud security

Android, cybersecurity, GitHub, Linux, macOS, News, open source, software, Windows / SecurityTicks

35 open-source security tools to power your red team, SOC, and cloud security 2025-06-18 at 08:31 By Help Net Security This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enforcement detection Autorize is

React to this headline:

35 open-source security tools to power your red team, SOC, and cloud security Read More »

Free AI coding security rules now available on GitHub

Artificial Intelligence, GitHub, LLMs, News, open source, Secure Code Warrior / SecurityTicks

Free AI coding security rules now available on GitHub 2025-06-17 at 16:47 By Sinisa Markovic Developers are turning to AI coding assistants to save time and speed up their work. But these tools can also introduce security risks if they suggest flawed or unsafe code. To help address that, Secure Code Warrior has released a

React to this headline:

Free AI coding security rules now available on GitHub Read More »

MDEAutomator: Open-source endpoint management, incident response in MDE

cybersecurity, Don't miss, GitHub, Hot stuff, Microsoft, News, open source, software / SecurityTicks

MDEAutomator: Open-source endpoint management, incident response in MDE 2025-06-16 at 08:36 By Help Net Security Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT and security teams looking

React to this headline:

MDEAutomator: Open-source endpoint management, incident response in MDE Read More »

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools

Don't miss, Hot stuff, Kali Linux, News, OffSec, open source, penetration testing, software / SecurityTicks

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest

React to this headline:

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

cybersecurity, Don't miss, GitHub, News, open source, OWASP, scanning, software, vulnerability assessment / SecurityTicks

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment 2025-06-11 at 09:01 By Mirko Zorz OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It

React to this headline:

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment Read More »

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

Don't miss, GitHub, News, open source, software / SecurityTicks

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic 2025-06-09 at 08:00 By Mirko Zorz fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features “I created fiddleitm

React to this headline:

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic Read More »