New Initiative Tackles Security for End-of-Life Open Source Software
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Stay informed on End of Life protocols for software & devices to enhance your information security. Learn the risks and best practices with our latest news.
Search across headline titles and summaries.
Background for this topic.
End of life (EOL) marks the point when a software or hardware product is retired by its developer or manufacturer, typically ending maintenance, security updates, and technical support. Organizations should distinguish EOL from end of support or other lifecycle dates because vendors may stop sales, standard support, or security fixes at different times. An EOL asset can continue to operate, but its risk profile changes once newly discovered vulnerabilities are no longer patched.
Security teams should identify EOL assets through inventory and vulnerability-management processes, prioritize replacement or supported upgrades, and verify that dependent applications and configurations remain compatible. Where immediate replacement is impractical, risk can sometimes be reduced with network isolation, restricted administration, least-privilege access, monitoring, and documented exceptions; these controls do not restore vendor fixes. EOL systems also require explicit consideration in incident-response plans and privacy or compliance assessments, particularly when they process sensitive data or provide externally reachable services.
Weekly headline count for the current query.
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. [...]
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. [...]
Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. [...]
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. [...]
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. [...]
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. [...]
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network
Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]
A new report from TeamViewer found that 40% of global endpoints still run Windows 10, just days before security updates and support ends for the operating system
Windows 10 reaches end-of-life on Oct. 14, which will triple the number of vulnerable enterprise systems and create a massive attack surface for cybercriminals.
Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos
In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.
Snarfing up config files for 'thousands' of devices…just for giggles, we're sure The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices to snoop around in American critical infrastructure networks and collect information on industrial systems.…
Forescout also observed a big rise in CVEs added to CISA’s KEV catalog, some of which impacted end-of-life products
Someone's OVERSTEPing the mark Unknown miscreants are exploiting fully patched, end-of-life SonicWall VPNs to deploy a previously unknown backdoor and rootkit, likely for data theft and extortion, according to Google's Threat Intelligence Group.…
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP
Vulnerability Could Enable Remote Code Injection AttacksWhen the lights start flickering in homes equipped with Schneider Electric end-of-life smart switches, it could be hackers, now that the French company disclosed a remotely exploitable vulnerability that won't receive a patch. No hacking has been reported to date.