Supply Chain Attacks Targeting GitHub Actions Increased in 2025
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.
According to a recent Forescout analysis, open-source models were significantly less successful in vulnerability research than commercial and underground models.
Proofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.
Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.
Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open-source remote access trojan.
If security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while.
Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.
The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.
The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.
As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
The security research partnership will focus on developing new techniques and releasing them as open source.