12 Jul, 2026

Genetic data site openSNP to close and delete data over privacy concerns

The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. The decision was announced earlier this week by co-founder Bastian Greshake Tzovaras, who expressed concerns about how personal genomics data is […]

2 mins read

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer […]

3 mins read

New npm attack poisons local packages with backdoors

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. This way, even if the victim removes the malicious packages, the backdoor remains on their system. The new tactic was discovered by researchers at Reversing Labs, who warned about the risk it […]

2 mins read

GPU-powered Akira ransomware decryptor released on GitHub

Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. Nugroho developed the decryptor after being asked for help from a friend, deeming the encrypted system solvable within a week, based on how Akira generates encryption […]

3 mins read

New Chirp tool uses audio tones to send messages between devices

A new open-source tool named ‘Chirp’ transmits data, such as text messages, between computers (and smartphones) through different audio tones. The tool, developed by cybersecurity researcher solst/ICE, maps each character into a specific sound frequency and plays it along with real-time visualization. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into […]

2 mins read

Open-source tool ‘Rayhunter’ helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. Stingray devices mimic legitimate cell towers to trick phones into connecting, allowing them to capture sensitive data, accurately geolocate users, and potentially intercept communications. With the release […]

2 mins read

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, […]

2 mins read

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. Qualys discovered both vulnerabilities and demonstrated their exploitability to OpenSSH’s maintainers. OpenSSH (Open Secure Shell) is a free, open-source implementation of the SSH (Secure Shell) protocol, which provides […]

3 mins read

PyPI adds project archiving system to stop malicious updates

The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers to archive their projects, indicating to the users that no updates are to be expected. The projects will still be hosted on PyPI, and users will still be able to download them but they will see a warning […]

3 mins read

Laravel admin package Voyager vulnerable to one-click RCE flaw

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the […]

3 mins read