open source
The Risks of Running an End Of Life OS – And How To Manage It
EOL operating systems no longer receive critical security updates, leaving them highly vulnerable to evolving cybersecurity threats. End-of-life OSs often struggle to run modern software and hardware, resulting in compatibility issues, reduced ...
We wrote the code, and the code won
By Tjaden Hess Earlier this week, NIST officially announced three standards specifying FIPS-approved algorithms for post-quantum cryptography. The Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) is one of these standardized algorithms. The Trail ...
Critical Exim Vulnerability Threatens Millions of Email Servers
Exim is a widely used, open-source mail transfer agent (MTA) for Unix and Unix-like operating systems. A critical vulnerability has been discovered in Exim that could allow attackers to bypass security filters ...
Auditing the Ask Astro LLM Q&A app
Today, we present the second of our open-source AI security audits: a look at security issues we found in an open-source retrieval augmented generation (RAG) application that could lead to chatbot output ...
Addressing Node.js Vulnerabilities in Ubuntu
Node.js is an open-source, cross-platform JavaScript runtime environment built on the powerful V8 engine from Chrome. It allows you to run JavaScript code outside a web browser, making it popular for building ...
Multiple OpenJDK Vulnerabilities Addressed in Ubuntu
OpenJDK, a widely used open-source implementation of Java, recently had several security vulnerabilities patched in Ubuntu. These issues could allow attackers to steal sensitive information or crash systems. In this article, we ...
Open Source Licensing 101: Everything You Need to Know
With the right license, you can protect your open-source project and ensure proper usage. This article provides a clear overview of open-source licensing for developers and users ...
Reflecting on 10 Years of Kubernetes: A Decade of Innovation
Since Kubernetes turns ten this year, I spent some time reflecting on how Kubernetes completely redefined my career. Eight years ago, I was racking servers, running Puppet (poorly), and struggling to make ...
CISA Alert: Urgent Update Needed for Apache Flink Vulnerability
Attention Apache Flink users! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added an Apache Flink vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting evidence of its active exploitation. Apache Flink ...
Critical Fluent Bit Vulnerability Affects Major Cloud Providers
Researchers have identified a critical memory corruption vulnerability in Fluent Bit, a popular logging and metrics utility. Dubbed Linguistic Lumberjack, this flaw exists in Fluent Bit’s embedded HTTP server, specifically in the ...
