Monocle: Open-source LLM for binary analysis search

Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password s…

Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Secator: Open-source pentesting Swiss army knife

Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers. Secator features Curated list of command…

Portainer: Open-source Docker and Kubernetes management

Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Docker, Swarm, Kubernetes, and ACI environments. It provides a smart GUI and a comprehensive API to manage…

US, Allies Warn of Memory Unsafety Risks in Open Source Software

Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn.
The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek.

Gitleaks: Open-source solution for detecting secrets in your code

Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of…

Developer errors lead to long-term exposure of sensitive data in Git repos

Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub, whic…

Some Open Source Software Licences are Only ‘Open-ish,’ Says Thoughtworks

A number of open source tech tools have moved towards commercial licences. Thoughtworks says this creates “big headaches” for IT, who are scrambling to maintain compliance and find replacement tools.