Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
47 articles

#Open Source

All CosmicBytez Labs articles tagged #Open Source, across news, security advisories, how-to guides, and projects.

  • NewsJul 14, 2026

    Turning the Tables on Email Scammers With 'ScamBuster'

    An open-source, AI-driven system called ScamBuster adopts victim personas to actively engage with phishing attackers — gathering intelligence on criminal operations while consuming the scammer's time and attention.

  • NewsJul 6, 2026

    North Korean Hackers Target Open Source Developers in Supply Chain Attacks

    The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer...

  • NewsJul 5, 2026

    Flipper Zero Firmware Development Continues With Community Help

    Flipper Devices is downsizing its internal development team but confirms that Flipper Zero firmware development will continue, with greater reliance on...

  • NewsJul 3, 2026

    In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

    A roundup of security stories you may have missed: an Anonymous-linked Canadian hacker receives a prison sentence, a researcher drops zero-days in open...

  • NewsJul 2, 2026

    Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

    IBM and Red Hat announced Project Lightwell — a $5 billion commitment to secure open-source supply chains using Anthropic's Mythos AI model, which found...

  • ProjectJul 1, 2026

    OWASP DefectDojo: Self-Hosted Vulnerability Management Platform

    Aggregate, deduplicate, and track security findings from 100+ scanners in a unified dashboard. Build a production-grade vulnerability management pipeline...

  • NewsJun 30, 2026

    Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

    Security researchers have found that classic Bash shell techniques — some dating back decades — can bypass the safeguards in most open-source AI coding...

  • NewsJun 28, 2026

    Linux Foundation Unveils New Open Source Security Project Akrites

    The Linux Foundation has launched Akrites, a new open source security initiative designed to give the community standardized tools and channels to report,...

  • NewsJun 27, 2026

    New Initiative Tackles Security for End-of-Life Open Source Software

    The Open Source Sustainability Initiative launches to help enterprises manage and secure aging open source projects, addressing the growing compliance and...

  • NewsJun 25, 2026

    25-Year-Old Vulnerability Patched in Curl

    Curl 8.21.0 patches 18 vulnerabilities including a 25-year-old mTLS connection reuse flaw (CVE-2026-8932) that could allow authentication bypass. With...

  • NewsJun 24, 2026

    Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

    Security researchers have disclosed a class of exploitable flaws in CI/CD pipeline configurations that allow unauthenticated attackers to take full...

  • NewsJun 21, 2026

    How Software Development's Speed Obsession Enabled TeamPCP's Chaos Crusade

    TeamPCP's remarkable success attacking open-source software was no accident — it exploited a cultural vulnerability baked into modern development: the...

  • ProjectJun 17, 2026

    Building a SOAR Platform with Shuffle in Your Homelab

    Deploy Shuffle, the open-source SOAR platform, to automate security workflows and orchestrate your homelab tools — from Wazuh alerts to enrichment lookups...

  • NewsJun 6, 2026

    OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

    OWASP has launched CVE Lite CLI, a free open-source command line tool that scans software projects in seconds to identify packages with known CVE…

  • NewsJun 5, 2026

    EU Unveils Tech Sovereignty Package to Cut Reliance on US and Chinese Suppliers

    The European Commission has unveiled a sweeping technology sovereignty package combining a Chips Act 2.0, a Cloud and AI Development Act (CADA), an Open…

  • NewsJun 4, 2026

    Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

    Researchers have uncovered a large-scale SEO poisoning campaign that uses fake open-source and freeware project sites to funnel victims through a Traffic…

  • NewsMay 28, 2026

    IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under "Project Lightwell"

    IBM and Red Hat unveil Project Lightwell, a $5B commitment to securing open-source supply chains by fixing vulnerabilities without breaking production.

  • NewsMay 27, 2026

    Apple Open-Sources Quantum-Resistant Encryption Code

    Apple has open-sourced its implementations of two NIST-standardized quantum-secure algorithms — ML-KEM and ML-DSA — including formal verification tooling that.

  • NewsMay 27, 2026

    CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Supply Chain

    CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet, stripping operators of infrastructure used to inject malware into OSS packages.

  • NewsMay 27, 2026

    Gitea Vulnerability Exposes Private Container Images without Authentication

    A Gitea flaw lets unauthenticated remote attackers pull private container images from self-hosted deployments with no account or credentials required.

  • NewsMay 27, 2026

    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and Shadowserver simultaneously disrupted GlassWorm C2 channels, ending a supply-chain campaign targeting developers via packages.

  • NewsMay 27, 2026

    Open Source DockSec Uses AI to Cut Through Vulnerability

    DockSec, an OWASP incubator project, combines multiple container security scanners with AI-generated plain-English remediation guidance and exact Dockerfile.

  • NewsMay 26, 2026

    The Hackers Behind Shai-Hulud: Lucky or Skilled?

    TeamPCP's Shai-Hulud worm inflicted serious damage on the open source ecosystem — but a close look at their operations raises the question of whether their.

  • NewsMay 23, 2026

    npm Adds 2FA-Gated Publishing and Package Install Controls

    GitHub has rolled out new security controls for npm including staged publishing with 2FA approval requirements and package install policies, giving...

  • NewsMay 21, 2026

    Socket Raises $60 Million at $1 Billion Valuation

    Supply chain security startup Socket has raised $60 million in a new funding round, valuing the company at $1 billion. The capital will expand Socket's...

  • NewsMay 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • NewsMay 14, 2026

    PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours

    Threat actors began exploiting CVE-2026-44338, a missing authentication flaw in the PraisonAI multi-agent orchestration framework, within just four hours...

  • NewsMay 12, 2026

    Worm Redux: Fresh Mini Shai-Hulud Infections Bite npm

    Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...

  • NewsMay 9, 2026

    JDownloader Site Hacked to Replace Installers with Python

    The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...

  • NewsMay 1, 2026

    Cisco Releases Open Source Tool for AI Model Provenance

    Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...

  • NewsApr 29, 2026

    Hackers Exploit RCE Flaws in Qinglong Task Scheduler for Cryptomining

    Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...

  • SecurityApr 25, 2026

    CVE-2026-41478: Saltcorn SQL Injection Allows Full Database

    A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...

  • SecurityApr 23, 2026

    CVE-2026-33656: EspoCRM Formula Engine Attachment sourceId

    A critical improper access control vulnerability in EspoCRM's built-in formula scripting engine allows authenticated administrators to overwrite the...

  • SecurityApr 23, 2026

    CVE-2026-39987: Marimo Pre-Auth Remote Code Execution

    A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...

  • SecurityApr 23, 2026

    CVE-2026-41167: Jellystat Authenticated SQL Injection in Multiple API Endpoints (CVSS 9.1)

    A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...

  • SecurityApr 23, 2026

    CVE-2026-41228 — Froxlor Path Traversal via def_language

    A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...

  • SecurityApr 23, 2026

    CVE-2026-41229 — Froxlor PHP Code Injection via MySQL

    A critical PHP code injection vulnerability in Froxlor allows an admin with change_serversettings permission to inject arbitrary PHP code via unescaped...

  • SecurityApr 17, 2026

    CVE-2026-40259 — SiYuan Knowledge Management Authorization

    A high-severity authorization bypass in SiYuan versions 3.6.3 and below allows attackers with RoleReader publish-service tokens to call a privileged...

  • NewsApr 9, 2026

    Microsoft Suspends Dev Accounts for High-Profile Open

    Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...

  • NewsApr 3, 2026

    Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

    The rebuilt Chainguard Factory platform adds deeper security automation designed to continuously reconcile open source artifacts across containers,...

  • NewsMar 31, 2026

    Claude Code Source Code Accidentally Leaked in NPM Package

    Anthropic accidentally published the source code for Claude Code — its normally closed-source AI coding assistant — inside an npm package. The company...

  • SecurityMar 24, 2026

    CVE-2026-33478: AVideo CloneSite Plugin Unauthenticated RCE

    A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...

  • NewsMar 15, 2026

    Betterleaks: New Open-Source Secrets Scanner Built to Replace Gitleaks

    Betterleaks is a new open-source tool that scans directories, files, and git repositories for valid secrets — and validates them against live APIs before...

  • HOWTOMar 13, 2026

    How to Deploy Wazuh SIEM/XDR for Unified Security Monitoring

    Step-by-step guide to deploying Wazuh as an open-source SIEM and XDR platform. Covers server installation, agent deployment across Windows and Linux,...

  • NewsFeb 23, 2026

    Cline CLI Supply Chain Attack Installs Unauthorized

    A compromised npm publish token was used to inject a malicious postinstall script into Cline CLI version 2.3.0 on February 17, 2026, silently installing...

  • ProjectFeb 1, 2026

    Build Your Own SIEM with Open-Source Tools

    Step-by-step project guide for building a functional SIEM using Wazuh, Elastic, and Grafana. Perfect for homelabs and small businesses.

  • NewsJan 18, 2026

    Supply Chain Attack Discovered in Popular NPM Packages

    Security researchers have discovered malicious code injected into several popular NPM packages with millions of weekly downloads. Developers urged to...