More results...
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs thre…
The Sysdig TRT has uncovered critical vulnerabilities in the GitHub Actions workflows of several high-profile open source projects, including those maintained by MITRE and Splunk. GitHub Actions, a popular platform for automating CI/CD pipelines, offer…
This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enf…
A newly identified threat actor known as Water Curse has been linked to a sprawling campaign utilizing at least 76 GitHub accounts to distribute weaponized repositories packed with multistage malware. This financially motivated group leverages the inhe…
Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT …
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have warned that threat actors are leve…
OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, s…
fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features “I c…
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sa…
Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses cust…