Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining

Apr 27, 2026 By Julia Kinday In Snyk
In early February 2026, users of Qinglong (青龙), a popular open source timed task management platform with over 19,000 GitHub stars, began reporting that their servers were maxing out CPU usage. The cause was a cryptominer binary called.fullgc, deployed through two authentication bypass vulnerabilities that allowed unauthenticated remote code execution. The attacks went largely unnoticed in the English-speaking security community.
Read Post

Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source

Apr 23, 2026 By Corelight In Corelight
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
View Video
MyClaw Detailed Review: Is This OpenClaw Managed Hosting Worth It?

MyClaw Detailed Review: Is This OpenClaw Managed Hosting Worth It?

Apr 22, 2026 By SecuritySenses In SecuritySenses
I've been working in the AI tools space for a while now, and one thing that comes up repeatedly is the gap between open-source AI frameworks and the actual effort required to run them. OpenClaw is a great example - powerful, flexible, and genuinely useful for building AI agents. But getting it deployed and keeping it running? That's a different story. That's what led me to try MyClaw AI. Here's an honest look at what the platform actually offers, who it's for, and whether it's worth the cost.
Read Post
datadog

Introducing our open source AI-native SAST

Apr 10, 2026 By Julien Delange In Datadog
Static application security testing (SAST) tools help developers quickly catch potential vulnerabilities as they code. However, these tools rely on inflexible rules that often generate a high number of false positives, reducing trust in their accuracy and slowing adoption. To help developers access context-aware vulnerability detection, we’ve released an open source AI-native SAST solution. This tool scans code changes incrementally and surfaces security issues in real time.
Read Post
Zenity

OpenClaw Needs Real Security Controls; We Built Them Open Source

Mar 23, 2026 By Dina Durutlic In Zenity
AI agent adoption and development are evolving quickly. The tooling used to build agents is improving fast, but the security controls around those agents are often rigid, opaque, or difficult to adapt to real environments. As more teams experiment with OpenClaw, one challenge becomes clear: developers need ways to inspect what agents are doing, evaluate risky behavior, and intervene when necessary.
Read Post
cloudflare

Fixing request smuggling vulnerabilities in Pingora OSS deployments

Mar 9, 2026 By Edward Wang In Cloudflare
In December 2025, Cloudflare received reports of HTTP/1.x request smuggling vulnerabilities in the Pingora open source framework when Pingora is used to build an ingress proxy. Today we are discussing how these vulnerabilities work and how we patched them in Pingora 0.8.0. The vulnerabilities are CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These issues were responsibly reported to us by Rajat Raghav (xclow3n) through our Bug Bounty Program.
Read Post
knowbe4

What Is OSINT?

Mar 7, 2026 By James Dyer In KnowBe4
OSINT stands for open-source intelligence. It is the collection, analysis, and dissemination of information from publicly available sources, such as social media, government reports, newspapers, and other public documents. OSINT is commonly used by intelligence agencies, private investigators, and law enforcement to gather information about an individual or organization. The OSINT framework showcases the multiple ways in which organizations can gather intelligence.
Read Post
Snyk

The 89% Problem: How LLMs Are Resurrecting the "Dormant Majority" of Open Source

Mar 4, 2026 By Noa Yaffe-Ermoza In Snyk
AI coding assistants are quietly resurrecting millions of abandoned open source packages. For the last decade, developers relied on a simple heuristic for open source security: Prevalence \= Trust. If a package was downloaded millions of times a week (lodash, react, requests), we assumed it was "safe enough" because thousands of eyes were on it. If it was obscure, we approached with caution.
Read Post
sentrium

Disclosure: XWiki CSS Injection (CVE-2026-26000)

Feb 19, 2026 By Tom Keech In Sentrium
During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can affect a large and diverse user base.
Read Post
veracode

Open Source Supply Chain Security: Best Practices

Feb 17, 2026 By Natalie Tischler In Veracode
Open-source components are the building blocks of modern software, enabling your team to innovate and deliver features faster. This reliance, however, introduces a significant challenge: your application’s security is now tied to a vast and complex supply chain of code you didn’t write. The risks are escalating, with attackers targeting open-source libraries to launch widespread breaches.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.