Google said Tuesday that its OSS-Fuzz project has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities.

Google’s E2EMail Chrome extension brings OpenPGP encryption to Gmail users.

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.

A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

An audit of open source file and disk encryption software VeraCrypt wrapped up and a number of critical vulnerabilities uncovered in the assessment were patched.

OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs). PLC-Blaster was designed to target Siemens SIMATIC...

The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software. As is the case with most open source software packages, patching the core library is only half the battle; admins must now ensure that third-party software running the library is...

Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...