Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
Open Source
Open source has a malware problem, and it’s getting worse
Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compare…
Kanvas: Open-source incident response case management tool
Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping betwe…
ParrotOS 6.4 lands with key tool updates and kernel upgrade
ParrotOS, known for its emphasis on security, privacy, and development, is widely used by cybersecurity professionals and enthusiasts alike. Version 6.4 delivers a host of updates and community-driven enhancements. The update is expected to be the fina…
Aegis Authenticator: Free, open-source 2FA app for Android
Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to back up your data. It supports both HOTP and TOTP, so it works with thousands of…
GitPhish: Open-source GitHub device code flow security assessment tool
GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interfa…
Secretless Broker: Open-source tool connects apps securely without passwords or keys
Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services, SSH endpoints, or other TCP-based systems. Secretless Broker features …
RIFT: New open-source tool from Microsoft helps analyze Rust malware
Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware …
Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository.
The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek.
Google’s Gemini CLI brings open-source AI agents to developers
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named G…