Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…
github
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer. It doesn’t create a full image of your mac…
LudusHound: Open-source tool brings BloodHound data to life
LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment using previously gathered BloodHound data. Red teams can use this lab to map…
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diploma…
Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft
Microsoft warns that a fake ChatGPT desktop app was used to deliver PipeMagic malware, linked to ransomware attacks…
Buttercup: Open-source AI-driven system detects and patches vulnerabilities
Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place in DARPA’s AI Cyber Challenge (AIxCC). Main components Buttercup is made up of…
Obot MCP Gateway: Open-source platform to securely manage the adoption of MCP servers
Obot MCP Gateway is a free, open-source gateway that enables IT organizations to securely manage and scale adoption of Model Context Protocol (MCP) servers. MCPs are becoming the standard for how AI agents interface with real-world systems. Without a c…
SmartLoader Malware Masquerades as Legitimate GitHub Repository to Infect Users
AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users sea…
EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations
EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security professionals practice spotting and exploiting common misconfigurations. The tool cr…
Concentric AI enhances data security with new platform integrations
Concentric AI announced new integrations that enhance the AI-driven capabilities of its Semantic Intelligence data security governance platform, expanding data governance functionality for organizations. Concentric AI’s new integration with Wiz, gives …