Security news aggregator

Latest coverage for Open Source

Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.

86 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.

For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 86 Filtered view

Open-source model impresses on tests but enterprise performance remains unprovenMoonshot AI's Kimi K3 has climbed AI benchmark leaderboards and challenged leading U.S. models on coding tasks. But benchmark scores offer only a narrow view of model performance, fueling calls for independent testing and enterprise evaluations before organizations make deployment decisions.

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Bank Info Security 1 month, 2 weeks ago

Glassworm Group: Software Supply-Chain Attackers Disrupted

Suspected Russian Crime Group Built Resilient Command-and-Control InfrastructureIn a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from victims. The group has wielded a remote access Trojan to repeatedly target developers of widely used open-source software.

Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open SourceA new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.

Bank Info Security 2 months, 2 weeks ago

Socket Buys Secure Annex to Expand Supply-Chain Visibility

Combined Platform Spans Dependencies, Extensions, Developer ToolsSocket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.

Bank Info Security 2 months, 2 weeks ago

Researchers Find 38 Flaws in OpenEMR. They've Been Fixed

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity VulnerabilitiesResearchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.

Bank Info Security 2 months, 3 weeks ago

Flurry of Supply-Chain Software Library Attacks

Continuous Integration Has Its DownsidesAs supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not only rely on code integrity tools, but also to introduce a delay before merging new repos, since unfolding attacks tend to get spotted in days, if not hours or minutes.

Bank Info Security 2 months, 3 weeks ago

Cloudsmith Raises $72M for Software Supply-Chain Security

Recent Package Compromises Pushed Software Component Trust to the Security AgendaCloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Veteran Hardware Hacker's Chip Facilitates More Trustworthy and Secure DevicesHow can we trust hardware to not betray us? Enter the Baochip-1x, a piece of largely open-source silicon created by Andrew "Bunnie" Huang, which he said is designed to give developers an affordable, security-focused and attestable chip, not least for building high-assurance, embedded devices.

Bank Info Security 14 Apr 2026, 10:30 a.m. Open Source

European Governments Grow Suspicious of Silicon ValleyFrench abandonment of American software for open-source alternatives continues apace, with all government ministries now facing a fall deadline for outlining plans to reduce their dependence on U.S. tech. France must "regain control of our digital destiny," said public action minister David Amiel.

Bank Info Security 3 months, 2 weeks ago

CISA Flags Critical Flaw in Grassroots DICOM Imaging Library

Researcher: If Exploited, Bug Could Crash Hospital Medical Imaging SystemsThe Cybersecurity Infrastructure and Security Agency is warning of a high severity in Grassroots DICOM, an open-source library commonly used for medical imaging products, that if exploited could allow an attacker to send a specially crafted file resulting in a denial-of-service situation.

Bank Info Security 5 months ago

OpenAI Snags OpenClaw Creator for Agent Push

Steinberger to Lead AI Giant's Multi-Agent Development TeamPeter Steinberger is joining OpenAI to lead development of personal agents, culminating weeks of viral attention paid to his OpenClaw open-source artificial intelligence assistant project. Security experts dubbed it a "dumpster fire" after hackers were quick to add malicious functions.

Bank Info Security 5 months, 1 week ago

OpenClaw AI Agent Sparks Global Security Alarm

Open-Source Tool Security 'Dumpster Fire,' Experts WarnAn open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called "skills" that connect assistants with different services - and hackers have been quick to add malicious examples.

Bank Info Security 5 months, 2 weeks ago

Compromise of Notepad++ Equals Software Supply Chain Fallout

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts WarnThe widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Bank Info Security 5 months, 2 weeks ago

Outtake Gets $40M to Grow Automated Threat Response

Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated SpacesOuttake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup's agent-led model stands apart by replacing manual labor with scalable AI workflows.

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

Growing Third-Party Breach Trend Is Spreading to AI SuppliersIT organizations have built processes for reducing vendor risk, but in the AI era, that operating model is being dismantled. Modern AI environments are built on dynamic external foundational models, countless APIs, open-source components and continuous data pipelines that pose risks.

Bank Info Security 6 months, 2 weeks ago

RondoDox Botnet Exploiting Devices With React2Shell Flaw

The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at ScaleSecurity firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.

Bank Info Security 6 months, 4 weeks ago

Senate Intel Chair Warns of Open-Source Security Risks

Top Lawmaker Urges White House to Review Foreign Influence in Open-Source CodeA top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk.

Loading more headlines...