Here, you'll find a list of free, open-source cybersec tools that are ready to be added to your organization's arsenal.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown - pushsecurity/saas-attacks

Download the Writeup Illustration Romain Flamand – Flamingo Studio – [email protected] Abstract Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure […]

We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending…

OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.

A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

SSHamble helps security teams validate SSH implementations and test for uncommon but dangerous misconfigurations and software bugs.

Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents.

Discover all apps and their users using our free Shadow IT Scanner for Google Workspace and Microsoft 365.

Generate and verify signed attestations for anything you make with GitHub Actions.

This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of the brew CLI), and three adjacent repositories responsible for various security-relevant aspects of Homebrew’s operation: Homebrew/actions: a repository of custom GitHub Actions used […]

Australian businesses are paying untold amounts in ransom to hackers but the government hopes to regain some control with a landmark cybersecurity law.

CLIENTS,WEBSITE,CERTIFICATE,SSL CERTIFICATE.One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less informati