Security News
Raven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs. Raven boosts the ability of security teams to implement secure software development practices, enabling them to work more strategically with DevOps teams while maturing their organization's ASPM capabilities.
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings.
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible...
Opinion: When I was in Bilbao recently for the Open Source Summit Europe event, the main topic of conversation was the European Union's Cyber Resilience Act. Why? Because pretty much everyone with an open source clue sees it as strangling open source software development.
One in eight open-source downloads today poses known and avoidable risks. Only 11% of open-source projects are 'actively maintained'.
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit...
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. The libwebp library is used by a large number of projects for encoding and decoding images in the WebP format, including modern web browsers like Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers, as well as popular apps like 1Password and Signal.
Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers.
Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.
BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement.