Collaborate Disseminate
Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios. Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S). “The reason why we created … Continue reading Certainly: Open-source offensive security toolkit
Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security practices like those included in industry standards like the OpenSSF Scorecard a… Continue reading Paid open-source maintainers spend more time on security
Nextcloud has launched Nextcloud Hub 9, a significant update to its open-source cloud-based collaboration platform. It introduces several new features to improve user experience, performance, and security. Enhanced security in Nextcloud Hub 9 Nextcloud… Continue reading Nextcloud Hub 9 released: New features, more security, updated performance
92% of security leaders have concerns about the use of AI-generated code within their organization, according to Venafi. Tension between security and developer teams 83% of security leaders say their developers currently use AI to generate code, with 5… Continue reading Security leaders consider banning AI coding due to security risks
Crowdsec is an open-source solution that offers crowdsourced protection against malicious IPs. CrowdSec features For this project, the developers have two objectives: Provide free top-quality intrusion detection and protection software. There’s c… Continue reading CrowdSec: Open-source security solution offering crowdsourced protection
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof… Continue reading Detecting vulnerable code in software dependencies is more complex than it seems
Explore four different large language models for free at Duck.ai. Having an existing account is not required. Continue reading DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity
EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be th… Continue reading EchoStrike: Generate undetectable reverse shells, perform process injection
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in … Continue reading Trends and dangers in open-source software dependencies
Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers. Continue reading Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds