Apache OpenMeetings Vulnerabilities
Researcher discovered three vulnerabilities in the open source Web application Apache OpenMeetings application can be used together into an attack chain that allows threat actors to take over a user…
GitHub Push Protection
GitHub has moved push protection into general availability and made it free for all public repositories. Push protection helps detect secrets in code as changes are pushed. It is also…
Cisco Clam AV Bug leads to a RCE
A critical vulnerability in Cisco’s ClamAV open-source AV solution has been patched. This flaw could allow remote code execution on infected devices The vulnerability tracked as CVE-2023-20032 with a CVSS…
Grafana – Releases Open Source Tools
Grafana Labs is releasing two open-source tools designed to help developers make their applications more efficient and resolve software errors faster. Grafana, one of the most popular open-source platforms for…
Venomous Python bug affects millions of Open Source Projects
Researchers from Trellix said that they discovered a vulnerability in Python's tarfile module affecting 350,000 open source projects, which provides a way to read and write compressed bundles of files…
Google Paranoid
Google has announced the open sourcing of Paranoid, a project for identifying well-known weaknesses in cryptographic artifacts. The library includes support for testing multiple crypto artifacts, such as digital signatures,…
Ox4Shell – Log4Shell De-obfuscator
A Log4Shell de-obfuscation tool dubbed Ox4Shell, promises simple, rapid payload analysis without the risk of critical side effects has been showcased at Black Hat USA. The tool offers a potent…
Deepfence YaRadare – Open Source Threat Indicators Search
Deepfence YaRadare aka “Ya-Radar” which scans container photos, operating Docker containers, and filesystems to search out indicators of malware by using YARA ruleset and scans the assets to determine the presence of malware…