software

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest […]

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »

Security flaws in government apps go unpatched for years

Security flaws in government apps go unpatched for years 2025-06-13 at 08:02 By Help Net Security 78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw

Security flaws in government apps go unpatched for years Read More »

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment 2025-06-11 at 09:01 By Mirko Zorz OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment Read More »

Android Enterprise update puts mobile security first

Android Enterprise update puts mobile security first 2025-06-10 at 21:04 By Mirko Zorz Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. Many security incidents involve smartphones, often due to

Android Enterprise update puts mobile security first Read More »

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic 2025-06-09 at 08:00 By Mirko Zorz fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features “I created fiddleitm

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic Read More »

Meta open-sources AI tool to automatically classify sensitive documents

Meta open-sources AI tool to automatically classify sensitive documents 2025-06-05 at 09:17 By Mirko Zorz Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses customizable classification rules

Meta open-sources AI tool to automatically classify sensitive documents Read More »

Vet: Open-source software supply chain security tool

Vet: Open-source software supply chain security tool 2025-06-03 at 08:34 By Help Net Security Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm,

Vet: Open-source software supply chain security tool Read More »

Development vs. security: The friction threatening your code

Development vs. security: The friction threatening your code 2025-06-03 at 07:32 By Sinisa Markovic Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a barrier

Development vs. security: The friction threatening your code Read More »

48% of security pros are falling behind compliance requirements

48% of security pros are falling behind compliance requirements 2025-06-02 at 07:07 By Help Net Security 32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible outcome. Software compliance adoption varies across

48% of security pros are falling behind compliance requirements Read More »

Exchange 2016, 2019 support ends soon: What IT should do to stay secure

Exchange 2016, 2019 support ends soon: What IT should do to stay secure 2025-05-30 at 07:33 By Help Net Security Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth

Exchange 2016, 2019 support ends soon: What IT should do to stay secure Read More »

Woodpecker: Open-source red teaming for AI, Kubernetes, APIs

Woodpecker: Open-source red teaming for AI, Kubernetes, APIs 2025-05-28 at 08:17 By Mirko Zorz Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in AI systems, Kubernetes environments, and APIs before attackers can exploit them. Key features of Woodpecker

Woodpecker: Open-source red teaming for AI, Kubernetes, APIs Read More »

Hottest cybersecurity open-source tools of the month: May 2025

Hottest cybersecurity open-source tools of the month: May 2025 2025-05-28 at 07:03 By Help Net Security This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Vuls: Open-source agentless vulnerability scanner Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created

Hottest cybersecurity open-source tools of the month: May 2025 Read More »

LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks

LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks 2025-05-26 at 08:52 By Mirko Zorz LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection,

LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks Read More »

AutoPatchBench: Meta’s new way to test AI bug fixing tools

AutoPatchBench: Meta’s new way to test AI bug fixing tools 2025-05-21 at 08:02 By Mirko Zorz AutoPatchBench is a new benchmark that tests how well AI tools can fix code bugs. It focuses on C and C++ vulnerabilities found through fuzzing. The benchmark includes 136 real bugs and their verified fixes, taken from the ARVO

AutoPatchBench: Meta’s new way to test AI bug fixing tools Read More »

Hanko: Open-source authentication and user management

Hanko: Open-source authentication and user management 2025-05-19 at 07:32 By Mirko Zorz Hanko is an open-source, API-first authentication solution purpose-built for the passwordless era. “We focus on helping developers and organizations modernize their authentication flows by migrating users towards passkeys, while still supporting all common authentication methods like email/password, MFA, OAuth, as well as SAML

Hanko: Open-source authentication and user management Read More »

Cerbos: Open-source, scalable authorization solution

Cerbos: Open-source, scalable authorization solution 2025-05-14 at 07:34 By Help Net Security Cerbos is an open-source solution designed to simplify and modernize access control for cloud-native, microservice-based applications. Instead of hardcoding authorization logic into your application, Cerbos lets you write flexible, context-aware access policies using a YAML syntax. These policies are managed separately from your

Cerbos: Open-source, scalable authorization solution Read More »

SPIRE: Toolchain of APIs for establishing trust between software systems

SPIRE: Toolchain of APIs for establishing trust between software systems 2025-05-12 at 08:00 By Help Net Security SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). It’s a production-ready implementation of the SPIFFE APIs that handles node and workload attestation to securely issue SVIDs to workloads and verify the SVIDs of other

SPIRE: Toolchain of APIs for establishing trust between software systems Read More »

Analyze resource-based policy dependencies across your AWS Organizations accounts

Analyze resource-based policy dependencies across your AWS Organizations accounts 2025-05-09 at 08:02 By Help Net Security Managing multiple AWS accounts in an organization can get complicated, especially when trying to understand how services and permissions are connected. The Account Assessment for AWS Organizations open-source tool helps simplify this process by giving you a central place

Analyze resource-based policy dependencies across your AWS Organizations accounts Read More »

Autorize: Burp Suite extension for automatic authorization enforcement detection

Autorize: Burp Suite extension for automatic authorization enforcement detection 2025-05-07 at 08:02 By Help Net Security Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s

Autorize: Burp Suite extension for automatic authorization enforcement detection Read More »

Vuls: Open-source agentless vulnerability scanner

Vuls: Open-source agentless vulnerability scanner 2025-05-05 at 07:33 By Help Net Security Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. Many administrators choose not to use automatic software updates because they want to avoid

Vuls: Open-source agentless vulnerability scanner Read More »

Scroll to Top