Vulnerabilities: IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”. Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. (SecurityWeek News, May 28, 2026)
Artificial Intelligence: Cisco Releases Open Source Tool for AI Model Provenance. The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response. (Eduard Kovacs, May 1, 2026)
Malware & Threats: Telnyx Targeted in Growing TeamPCP Supply Chain Attack. Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. (Ionut Arghire, March 30, 2026)
Supply Chain Security: Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack. Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. (Ionut Arghire, March 23, 2026)
Cybersecurity Funding: Tech Giants Invest $12.5 Million in Open Source Security. Anthropic, AWS, Google, Microsoft, and OpenAI fund the Linux Foundation’s long-term security initiatives focused on open source software. (Ionut Arghire, March 17, 2026)
Artificial Intelligence: OpenAI Rolls Out Codex Security Vulnerability Scanner. Codex Security, formerly Aardvark, has found hundreds of critical vulnerabilities in tested software in the past month. (Eduard Kovacs, March 10, 2026)
Threat Intelligence: RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool. Quantickle is a browser-based tool designed for creating visual representations of threat research. (Eduard Kovacs, February 10, 2026)
Supply Chain Security: From Open Source to OpenAI: The Evolution of Third-Party Risk. From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. (Nadir Izrael, December 16, 2025)
Cloud Security: $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits. Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. (Eduard Kovacs, December 12, 2025)
Cybersecurity Funding: Chainguard Raises $280 Million in Growth Funding. Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions. (Eduard Kovacs, October 27, 2025)
Phishing: PyPI Warns Users of Fresh Phishing Campaign. Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. (Ionut Arghire, September 25, 2025)
Application Security: Seal Security Raises $13 Million to Secure Software Supply Chain. The open source security firm will use the investment to enhance go-to-market efforts and accelerate platform expansion. (Ionut Arghire, July 29, 2025)
Application Security: HeroDevs Raises $125 Million to Secure Deprecated OSS. HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks. (Ionut Arghire, July 24, 2025)
Vulnerabilities: Vulnerability Exposed All Open VSX Repositories to Takeover. A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. (Ionut Arghire, June 27, 2025)
Malware & Threats: Ongoing Campaign Uses 60 NPM Packages to Steal Data. Security firm Socket flags a campaign targeting NPM users with tens of malicious packages that can exfiltrate system information. (Ionut Arghire, May 27, 2025)
Application Security: Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding. Hopper has emerged from stealth mode with a solution designed to help organizations manage open source software risk. (Eduard Kovacs, April 22, 2025)
Application Security: Google Releases Major Update for Open Source Vulnerability Scanner. Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers. (Ionut Arghire, March 18, 2025)
Supply Chain Security: UK Government Report Calls for Stronger Open Source Supply Chain Security Practices. Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. (Kevin Townsend, March 11, 2025)
Application Security: OpenSSF Releases Security Baseline for Open Source Projects. The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects. (Eduard Kovacs, February 26, 2025)
Application Security: Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST. Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a genuine OSS SAST tool. (Kevin Townsend, January 27, 2025)