Tools

Security tooling releases, open-source projects, and defensive utilities.

15 items

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

NAKIVO v11.2 Adds Ransomware Defenses as Backup Vendors Race to Harden Against Attack Surface Expansion

NAKIVO released v11.2 with enhanced ransomware detection capabilities, faster replication, and support for vSphere 9 and Proxmox VE 9.0. This reflects the broader industry trend of backup vendors integrating proactive threat detection as ransomware operators increasingly target backup infrastructure.

19 April 2026NAKIVO Backup & Replication, VMware vSphere environments, Proxmox VE deployments

mediumToolActive

Edge Browser Update Introduces Regression Breaking Teams Chat Functionality

A recent Microsoft Edge update introduced a bug that disables right-click paste functionality in Microsoft Teams desktop client chats, degrading user productivity across organisations relying on both products.

19 April 2026Microsoft Edge, Microsoft Teams

informationalToolActive

Google deploys Gemini to raise the cost of ad fraud, but adversary adaptation remains the defining challenge

Google is expanding its use of Gemini AI models to detect and block malicious ads across its advertising platforms as threat actors refine evasion techniques. This represents an incremental defensive improvement in an ongoing arms race rather than a structural shift in ad ecosystem security.

17 April 2026Google Ads, Google Display Network, Google advertising platforms

highToolResolved

FBI-Indonesian coordination dismantles W3LL phishing platform, signalling escalated enforcement against phishing kit infrastructure

US and Indonesian authorities shut down the W3LL phishing service and arrested its developer in the first joint enforcement action targeting a phishing kit provider. This represents a shift toward coordinated international takedowns of infrastructure that enables mass credential theft campaigns.

14 April 2026Users of platforms targeted by W3LL phishing campaigns

criticalToolActive

EvilTokens Weaponises Device Code Flow for At-Scale Account Hijacking

EvilTokens is a commercialised malicious service that automates Microsoft device code phishing attacks, enabling attackers to steal authentication tokens and compromise corporate accounts at scale without requiring passwords.

2 April 2026Microsoft Entra ID (Azure AD), Microsoft 365 accounts, Office 365

informationalToolActive

Honeypot Session Telemetry Reveals Automated Bot Fingerprinting and Evasion Patterns

DShield Cowrie honeypot analysis shows that session duration, command count, and disconnect patterns can distinguish automated attacks from manual reconnaissance. Defenders can use these signals to identify fingerprinting attempts and refine threat intelligence collection.

30 March 2026DShield Cowrie Honeypot, SSH servers, Telnet servers

informationalToolEmerging

RSAC 2026 vendor announcements reflect incremental security tooling advances without transformative breakthroughs

Multiple security vendors announced new products and features at RSAC 2026 (days 3-4), representing typical conference-cycle releases rather than responses to critical threats or novel attack patterns.

27 March 2026

informationalToolActive

GitHub's AI-augmented vulnerability detection reshapes the economics of static analysis

GitHub is integrating machine learning-based bug detection into Code Security alongside CodeQL, extending vulnerability coverage to languages and frameworks not fully addressed by pattern-matching SAST. This represents a shift in how platforms approach detection breadth at scale.

26 March 2026GitHub, developers using GitHub Code Security

informationalToolEmerging

Betterleaks emerges as community-driven alternative to Gitleaks for secrets detection

Betterleaks, a new open-source secrets scanner, offers an alternative to Gitleaks for identifying hardcoded credentials in code repositories and files. This reflects ongoing community demand for robust secret detection tooling in DevSecOps pipelines.

16 March 2026Development teams using git repositories, Organizations relying on secrets scanning, DevSecOps practitioners

highToolActive

Classic Outlook Sync Failures Signal Broader Email Infrastructure Instability

Microsoft is investigating widespread synchronization and connection failures in classic Outlook desktop client, affecting email delivery and user productivity across enterprise deployments.

14 March 2026Microsoft Outlook (Classic Desktop Client)

criticalToolEmerging

CyberStrikeAI Exploitation in Fortinet Breach Highlights AI-Driven Threats

Hackers have adopted CyberStrikeAI, an open-source AI security testing platform, to breach Fortinet FortiGate firewalls, demonstrating a significant shift in attack methodologies leveraging advanced AI tools.

3 March 2026Fortinet FortiGate

informationalToolResolved

Google Launches Open-Source AI-Powered Fuzzing Platform for Critical Software

Google open-sourced an AI-powered fuzzing platform that has already discovered over 300 vulnerabilities in critical open-source software, offering automated vulnerability discovery capabilities to the broader security community.

28 November 2025Open-source software projects, security researchers

mediumToolEmerging

DeepSeek AI Raises Security and Privacy Concerns After Rapid Adoption

The rapid rise of Chinese AI lab DeepSeek's open-source models has sparked significant security and data privacy concerns, with researchers identifying exposed databases and questionable data handling practices.

29 January 2025DeepSeek API users, DeepSeek mobile app users

mediumToolEmerging

Google Chrome's Text Fragment Feature Enhances PDF Sharing Capabilities

Google is introducing the Text Fragment feature in Chrome's PDF reader, allowing users to share specific parts of long PDFs more easily. This could potentially lead to improved collaboration but may also introduce new attack vectors if not properly secured.

4 January 2025Google Chrome

highToolActive

Massive Outage of Nessus Agents Due to Buggy Plugin Updates

Tenable's buggy differential plugin updates caused global outages of Nessus vulnerability scanner agents, requiring manual upgrades for revival.

3 January 2025Nessus Vulnerability Scanner