open source
Linux Kernel 6.8 Released: New Features and Hardware Support
Linus Torvalds recently announced the release of Linux kernel 6.8, the latest stable version of the Linux kernel. This update brings a plethora of new features and improvements, making it a significant ...
Mitigating Lurking Threats in the Software Supply Chain
The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start ...
New SSH-Snake Worm-Like Tool Threatens Network Security
The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised ...
Relishing new Fickling features for securing ML systems
By Suha S. Hussain. We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, ...
How we applied advanced fuzzing techniques to cURL
By Shaun Mirani. Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
CNCF Graduates Falco Project to Improve Linux Security
The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated ...
Synopsys Report Exposes Extent of Open Source Software Security Risks
Synopsys found 74% of 1,067 commercial codebases scanned contain open source components impacted by high-risk vulnerabilities ...
Several OpenJDK Vulnerabilities Fixed
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of sandbox ...
Continuously fuzzing Python C extensions
By Matt Schwager. Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...