UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

Automated Generation of Cybersecurity Exercise Scenarios

There is a growing need for cybersecurity professionals with practical knowledge and experience to meet societal needs and comply with new standards and regulations. At the same time, the advances in software technology and artificial intelligence point towards a future where software agents will...

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates h...

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...

Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet

Why the Exploit Window Has Collapsed and How CISOs Must Pivot to Survive For decades, cybersecurity was a game of time. We banked on the buffer between a vulnerability’s disclosure and its widespread exploitation. We relied on the forgiving internet, where human attackers needed days or weeks to...

Mysterious Elephant: a growing threat

Introduction Mysterious Elephant is a highly active advanced persistent threat APT group that we at Kaspersky GReAT discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and procedures TTPs to stay under the radar. With a primary focus on targeting government...

EUVD-2024-37246

Malicious code in bioql PyPI...

Reducing False Positives with Active Behavioral Analysis for Cloud Security

Rule-based cloud security posture management CSPM solutions are known to produce a lot of false positives based on the limited contextual understanding and dependence on static heuristics testing. This paper introduces a validation-driven methodology that integrates active behavioral testing in...

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

A Chinese-speaking advanced persistent threat APT actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talo...

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation...

Exploit for CVE-2007-6750

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker...

[SECURITY] Fedora 41 Update: open-vm-tools-12.5.2-1.fc41

The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

Digital twins DTs help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service DoS, and unauthorized access. Small and medium-sized enterprises SMEs that manage these...

Top Open Source API Security Tools

The modern world relies on Application Programming Interfaces APIs. They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and simplify application development. Without them, the internet would be unrecognizable. However, APIs also present a...

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversar...

CVE-2024-38285

Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools...

CVE-2024-38285 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools...

Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools

By Uzair Amir In the rapidly evolving work environment of today, collaborative scheduling stands out as a foundational pillar for effective… This is a post from HackRead.com Read the original post: Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools...