Security News

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave
2024-07-31 04:00

Secretive is an open-source, user-friendly app designed to store and manage SSH keys within the Secure Enclave. Typically, SSH keys are stored on disk with appropriate permissions, which is usually sufficient.

Cirrus: Open-source Google Cloud forensic collection
2024-07-29 04:15

Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization's security posture.

Infisical: Open-source secret management platform
2024-07-24 04:00

Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their...

Shuffle Automation: Open-source security automation platform
2024-07-22 04:00

Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process.

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
2024-07-18 09:10

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania, including two unnamed Asia-Pacific intergovernmental organizations.

Grype: Open-source vulnerability scanner for container images, filesystems
2024-07-18 03:30

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials tool. It finds vulnerabilities for major operating system packages and for language-specific packages: Ruby, Java, JavaScript, Python, Dotnet, Golang, PHP, and Rust.

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
2024-07-17 04:00

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It's simpler, produces better output, and has more fingerprints than other subdomain takeover tools.

Realm: Open-source adversary emulation framework
2024-07-15 04:16

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It's designed to handle engagements of any size.

BunkerWeb: Open-source Web Application Firewall (WAF)
2024-07-10 04:00

BunkerWeb is an open-source Web Application Firewall distributed under the AGPLv3 free license. The solution's core code is entirely auditable by a third party and the community.

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
2024-07-08 06:55

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. Successful exploitation of the first three shortcomings could permit an attacker to execute arbitrary commands on the Gogs server, while the fourth flaw allows attackers to read arbitrary files such as source code and configuration secrets.