Tag

#open source

19 stories taggedopen source.

Full-frame photoreal editorial image of a modern developer's desk at dusk, two monitors glowing with abstract lines of code, one screen subtly tinted a cool blu
AI Security

When AI writes your code, your supply chain just got a new stranger in it

For years, defenders worried about which open-source parts sat inside their software. Now an AI assistant is quietly adding parts of its own, and nobody is quite sure who owns the risk.

4 min
Photoreal news-editorial style, 16:9 framing, full-frame edge-to-edge composition
Threat Intelligence

North Korean Hackers Poisoned Over 100 Open Source Packages to Spy on Developers

A campaign called PolinRider has quietly corrupted legitimate software building blocks used by developers worldwide, planting tools that steal data and leave a hidden door open for attackers.

3 min
A small orange handheld electronic gadget with a monochrome screen and a directional pad sitting on a cluttered workbench, surrounded by tangled wires, a solder
Opinion

Flipper Zero firmware goes into maintenance mode as company hands the wheel to volunteers

The pocket-sized hacking gadget's maker is shrinking its firmware team and letting the community vote on what gets built next.

4 min
A large, modern data center with rows of servers, blue and green LED indicators, and a focus on security measures
AI Security

IBM and Red Hat Launch $5 Billion Initiative to Secure Open-Source Software

IBM and Red Hat invest heavily in Project Lightwell to address open-source software vulnerabilities revealed by Anthropic's AI.

3 min
Vulnerabilities

Cordyceps Flaw Class Hands Attackers the Keys to 300+ GitHub Repos

A newly catalogued CI/CD weakness lets attackers hijack workflows at Microsoft, Google and Apache projects, researchers say.

2 min
Threat Intelligence

Microsoft Pulls GitHub Repos After 73 Open-Source Projects Get Stealer-Spiked

The 'Miasma' incident looks less like a novel supply-chain zero-day and more like classic account takeover hitting a soft target: the org's own open-source footprint.

3 min
Vulnerabilities

Six Flaws in protobuf.js Turn Serialized Schemas Into Execution Vectors

The JavaScript Protocol Buffers library — pulled 50 million times a week — ships patches for a cluster of CVEs that let attackers use schema metadata to run arbitrary code inside Node.js processes.

2 min
Vulnerabilities

RubyGems Adds Installation Cooldown to Bundler as Supply Chain Defense

A configurable delay before newly published gems install gives the community time to spot malicious code before it reaches developer machines.

2 min
Vulnerabilities

OWASP's CVE Lite CLI Puts Dependency Scanning in the Terminal

A new OWASP Incubator project lets developers scan project dependencies for known vulnerabilities from the command line — no dashboard, no subscription, no delay.

2 min
Vulnerabilities

One Bad Character in a Host Header Breaks Auth for Thousands of FastAPI Apps

A parsing gap in Starlette lets unauthenticated requests reach protected routes — and the blast radius runs deep into the AI inference stack.

3 min
Threat Intelligence

GlassWorm Is Down. The Repository Problem Isn't.

CrowdStrike, Google, and Shadowserver severed four C2 channels simultaneously. Meanwhile, 157 OSV false positives quietly eroded trust in the tools defenders depend on.

3 min
Vulnerabilities

IBM and Red Hat Launch Project Lightwell to Tackle Open Source Vulnerabilities

With a $5 billion investment, Project Lightwell aims to expedite vulnerability remediation in open source software.

2 min
Cloud Security

IBM and Red Hat Pledge $5 Billion to Lock Down Open Source Supply Chains via Project Lightwell

The initiative targets a deceptively hard problem: patching vulnerabilities in open source dependencies without breaking production workloads that millions of systems depend on.

2 min
Vulnerabilities

Account Takeover Flaw in Pretalx CFP Tool Let Attackers Accept Any Conference Talk

An account takeover vulnerability in the open-source call-for-papers platform Pretalx could allow an unauthenticated attacker to manipulate submission outcomes, researchers at Novee have found.

3 min
Vulnerabilities

Gitea Patches Unauthenticated Container Image Disclosure Flaw in 1.26.2

CVE-2026-27771 allowed anonymous pulls of private container images from all Gitea deployments prior to version 1.26.2, according to maintainers.

2 min
© 2026 Threat Vectr