open source

OSPS Baseline: Practical security best practices for open source software projects

OSPS Baseline: Practical security best practices for open source software projects 2025-02-28 at 14:49 By Help Net Security The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security Baseline (OSPS Baseline), a tiered framework of security practices that evolve with the […]

React to this headline:

Loading spinner

OSPS Baseline: Practical security best practices for open source software projects Read More »

Hottest cybersecurity open-source tools of the month: February 2025

Hottest cybersecurity open-source tools of the month: February 2025 2025-02-27 at 07:31 By Help Net Security This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Kunai: Open-source threat hunting tool for Linux Kunai is an open-source tool that provides deep and precise event monitoring for Linux

React to this headline:

Loading spinner

Hottest cybersecurity open-source tools of the month: February 2025 Read More »

OpenSSF Releases Security Baseline for Open Source Projects

OpenSSF Releases Security Baseline for Open Source Projects 2025-02-26 at 13:45 By Eduard Kovacs The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects. The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

OpenSSF Releases Security Baseline for Open Source Projects Read More »

Dalfox: Open-source XSS scanner

Dalfox: Open-source XSS scanner 2025-02-26 at 08:20 By Mirko Zorz DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. “The uniqueness of Dalfox lies in its speed and ability to easily

React to this headline:

Loading spinner

Dalfox: Open-source XSS scanner Read More »

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy 2025-02-25 at 15:18 By Help Net Security Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub

React to this headline:

Loading spinner

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy Read More »

Misconfig Mapper: Open-source tool to uncover security misconfigurations

Misconfig Mapper: Open-source tool to uncover security misconfigurations 2025-02-24 at 07:33 By Mirko Zorz Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks

React to this headline:

Loading spinner

Misconfig Mapper: Open-source tool to uncover security misconfigurations Read More »

PRevent: Open-source tool to detect malicious code in pull requests

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

Loading spinner

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Kunai: Open-source threat hunting tool for Linux

Kunai: Open-source threat hunting tool for Linux 2025-02-19 at 08:19 By Mirko Zorz Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes

React to this headline:

Loading spinner

Kunai: Open-source threat hunting tool for Linux Read More »

Orbit: Open-source Nuclei security scanning and automation platform

Orbit: Open-source Nuclei security scanning and automation platform 2025-02-17 at 07:50 By Mirko Zorz Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I built

React to this headline:

Loading spinner

Orbit: Open-source Nuclei security scanning and automation platform Read More »

Beelzebub: Open-source honeypot framework

Beelzebub: Open-source honeypot framework 2025-02-10 at 06:30 By Mirko Zorz Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot. “I created Beelzebub because my research activities require

React to this headline:

Loading spinner

Beelzebub: Open-source honeypot framework Read More »

Ghidra 11.3 released: New features, performance improvements, bug fixes

Ghidra 11.3 released: New features, performance improvements, bug fixes 2025-02-07 at 07:53 By Help Net Security NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to dissect and examine compiled code across multiple platforms, including Windows, macOS, and Linux. Ghidra 11.3 is

React to this headline:

Loading spinner

Ghidra 11.3 released: New features, performance improvements, bug fixes Read More »

OpenNHP: Cryptography-driven zero trust protocol

OpenNHP: Cryptography-driven zero trust protocol 2025-02-05 at 07:01 By Mirko Zorz OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing via encrypted DNS Protects

React to this headline:

Loading spinner

OpenNHP: Cryptography-driven zero trust protocol Read More »

BadDNS: Open-source tool checks for subdomain takeovers

BadDNS: Open-source tool checks for subdomain takeovers 2025-02-03 at 07:03 By Mirko Zorz BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS records and

React to this headline:

Loading spinner

BadDNS: Open-source tool checks for subdomain takeovers Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

React to this headline:

Loading spinner

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

BloodyAD: Open-source Active Directory privilege escalation framework

BloodyAD: Open-source Active Directory privilege escalation framework 2025-01-28 at 07:00 By Mirko Zorz BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features “I created this tool because I do a lot of internal testing

React to this headline:

Loading spinner

BloodyAD: Open-source Active Directory privilege escalation framework Read More »

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST 2025-01-27 at 17:20 By Kevin Townsend Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool. The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST Read More »

Don’t let these open-source cybersecurity tools slip under your radar

Don’t let these open-source cybersecurity tools slip under your radar 2025-01-27 at 07:07 By Help Net Security This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network. Am I Isolated: Open-source container security benchmark Am I

React to this headline:

Loading spinner

Don’t let these open-source cybersecurity tools slip under your radar Read More »

GUI frontends for GnuPG, the free implementation of the OpenPGP standard

GUI frontends for GnuPG, the free implementation of the OpenPGP standard 2025-01-24 at 07:20 By Help Net Security GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and support for public key directories. While primarily a command-line tool, GnuPG

React to this headline:

Loading spinner

GUI frontends for GnuPG, the free implementation of the OpenPGP standard Read More »

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning 2025-01-23 at 07:03 By Help Net Security The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features

React to this headline:

Loading spinner

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning Read More »

Stratoshark: Wireshark for the cloud – now available!

Stratoshark: Wireshark for the cloud – now available! 2025-01-22 at 20:33 By Help Net Security Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will

React to this headline:

Loading spinner

Stratoshark: Wireshark for the cloud – now available! Read More »

Scroll to Top