OWASP Threat Dragon is a threat modeling tool; great for both developers and defenders alike. Use on your desktop or as a web application.

Threagile enables teams to execute Agile Threat Modeling as seamless as possible, even highly-integrated into DevSecOps environments.

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that…

Compatibility:
Source: See Trivy website for details. Trivy is an all-in-one open source security scanner that can help you identify vulnerabilities and IaC misconfigurations, discover SBOMs, perform cloud scanni…

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.

Summary

What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a

Here, you'll find a list of free, open-source cybersec tools that are ready to be added to your organization's arsenal.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown - pushsecurity/saas-attacks

Download the Writeup Illustration Romain Flamand – Flamingo Studio – [email protected] Abstract Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure […]

We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending…

OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.

A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

SSHamble helps security teams validate SSH implementations and test for uncommon but dangerous misconfigurations and software bugs.

Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents.