Security news aggregator

Latest coverage for Open Source

Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.

116 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.

For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 116 Filtered view

Healthcare giant's maintainers handed May deadline to enact the change The UK's National Health Service (NHS) is ordering all of its technology leaders to temporarily wall off the organization's open source projects over concerns relating to advanced AI and Anthropic's Mythos.…

OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…

Plus, the payload references 'TeamPCP/LiteLLM method' Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.…

Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blamed an outfit called Context.ai for the mess.…

Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…

Time to start dropping SBOMs FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months.…

Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…

Customizations are causing pain so new cloud will stick to upstream cuts of the open source stack LY Corporation, the Japanese web giant that dominates messaging, e-commerce and payments in many Asian countries, has revealed it is replacing a heavily-customized OpenStack cloud with a more conventional cut of the open source cloud stack – and making massive consolidations along the way.…

Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…

Loading more headlines...