The Euro-Office open source productivity app suite will be available with the first stable release of the software on June 9. Euro-Office was unveiled in March with the aim of providing a modern, open source alternative to Microsoft and Google software for European organizations increasingly wary of a dependence on US-based suppliers. Euro-Office consists of…
Tag: source
AI, Apps, Compliance, Global Security News, Network Security
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams. IBM and Red Hat are betting that…
AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. The hole is a critical argument injection vulnerability, discovered by a…
Global Security News
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
Global Security News
UK Visa Portal exposes passport and selfie photos of applicants
An anonymous source alerted TechCrunch to a security lapse on the UK Visa Portal website, stating that at least 100,000 documents, including passports and selfies, are exposed.
AI, Global Security News
The Hackers Behind Shai-Hulud: Lucky or Skilled?
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it’s not necessarily due to skill alone.
AI, Apps, Compliance, Global Security News, Network Security
Google adds open source Agent Executor to support AI agents in production
Google has introduced Agent Executor, an open source runtime aimed at helping enterprises run AI agents more reliably at scale, as attention shifts from building agent prototypes to managing the operational challenges of putting them into production. To address those production-related challenges, the runtime, according to the company, comes with capabilities that are geared towards…
AI, Apps, Cybersecurity, Exploits, Global Security News
Drupal admins rushing to patch maximum severity SQL injection vulnerability
Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL database, there may be upstream issues with Symfony, a set of PHP packages and web…
Data Breaches, Global Security News
GitHub Confirms Breach, 4K Internal Repos Stolen
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.
Data Breaches, Global Security News
Grafana Labs Confirms Hackers Stole Source Code
Open source tool maker Grafana says hackers stole codebase via GitHub breach
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…
AI, Global Security News
Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management
Grafana confirms GitHub token breach cybercrime group claims the attack
Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
Data Breaches, Global Security News
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. […]
Global Security News
Grafana Says It Rejected Ransom Demand After Source Code Theft
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.
AI, Global Security News
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. […]
AI, Global Security News
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic symbols and printed circuit board footprints. Layout of a printed circuit board made using…
Exploits, Global Security News
Sandyaa: Open-source autonomous security bug hunter
Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace how data moves through it, and produce working exploit code for the vulnerabilities…
AI, Global Security News
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […]
AI, Cybersecurity, Global Security News, malware
AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money
AI Leak Fuels Malware Scams. Company source code is proprietary and typically held as top secret. However, a recent software leak accident by Anthropic has led to a cascade of nefarious behaviours by hackers. Anthropic is the well-known creator of Claude AI, and the accidental leak of the source code has allowed scammers to create…
Global Security News
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. […]
AI, Data Breaches, Exploits, Global Security News, Risk Management
Trellix discloses the breach of a code repository
Trellix disclosed a security breach affecting part of its source code repository, however, the company says there’s no sign of code misuse. Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an investigation with forensic experts and notified law enforcement. While the exact…
AI, Global Security News
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the founding sponsor of the repository. An agent-first contribution model Warp is steering contributions through Oz, its cloud agent orchestration platform. Agents handle the bulk…
AI, Global Security News
SUSE Strengthens Open Source Offerings with AI Partnerships and Agentic Product Innovations at SUSECON 2026
Enterprise open source leader helps enterprises build, deploy and scale Sovereign AI while maintaining control across increasingly complex and regulated environments
AI, Global Security News, privacy
Tails 7.6.2 patches vulnerability that could expose saved files
The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian GNU/Linux, is aimed at users who want to preserve their online privacy and anonymity. The OS is installed on a dedicated USB stick and when plugged into a…
AI, Global Security News, Risk Management
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups.…
Global Security News
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation’s the bottleneck, which bounties don’t fund.
AI, Exploits, Global Security News, Risk Management
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability, revealed by AI security company Adversa, is that if Claude Code is presented with a command composed of more than 50 subcommands, then for subcommands after the 50th it will…
Cybersecurity, Exploits, Global Security News, malware
Claude Code source leak exploited to spread malware
A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used as lure On March 31, 2026, Anthropic accidentally exposed online the source code of…
AI, Global Security News
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
Exploits, Global Security News, malware
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. […]
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Anthropic employee error exposes Claude Code source
An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s open npm registry account, a risky mistake, says an AI expert. “A compromised source map is a security risk,” said US-based cybersecurity and…
Global Security News
Claude Code source code accidentally leaked in NPM package
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. […]
AI, Data Breaches, Global Security News, Venture
Anthropic accidentally leaks Claude Code
Anthropic accidentally exposed Claude Code source via npm, causing the code to quickly spread online after discovery. Anthropic accidentally leaked the source code of its Claude Code tool after a large debug file was included in a public npm release. The file exposed over 500,000 lines of code, which were quickly discovered, shared, and analyzed…
Global Security News
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. […]
AI, Global Security News
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular LiteLLM library, a unified interface that makes it easier for apps to switch between various LLMs:…
Global Security News
Trivy Supply Chain Attack Targets CI/CD Secrets
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
AI, Data Breaches, Global Security News
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples.
Global Security News
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. […]
AI, Global Security News
TrendAI to secure enterprise adoption of agentic AI with NVIDIA
TrendAI to support NVIDIA OpenShell open source runtime to add security for autonomous AI agents
AI, Global Security News
VAST Data Introduces Foundation Stacks to Accelerate Enterprise Adoption of NVIDIA Blueprints
COMPANY NEWS: New open source library delivers production-ready implementations for scalable pipelines on the VAST AI Operating System
AI, Global Security News
Is your CRM missing key data? Auto-logging can fix that
GUEST OPINION: Is your CRM supposed to be the single source of truth, but it still feels like a patchwork of half-told stories? When key details live in inboxes, calendars, call notes, and chat threads, the CRM record becomes incomplete. That incompleteness quietly costs time, weakens forecasting, and makes follow-ups less personal than they should…
AI, Global Security News, malware
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.
Exploits, Global Security News
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve RCE), CVE-2025-31161 (the auth-bypass that handed over the…
AI, Apps, Global Security News, Risk Management
Open-source security debt grows across commercial software
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open source components, with average component counts rising sharply over the past year. That growth brings a parallel increase in…
AI, Global Security News, Risk Management
Enterprises are racing to secure agentic AI deployments
AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can open pull requests, query internal databases, book services, and trigger automated workflows with limited human involvement. The State of AI Security 2026 from Cisco places this level of access inside a…
AI, Apps, china, Exploits, Global Security News, Network Security, Risk Management
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the claim this week after the release of version 8.9.2 of Notepad++, which includes a double-lock verification that any download of the tool from this point…
AI, Global Security News
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, The post Notepad++ secures update channel in wake of supply chain compromise appeared first on Help Net Security.
AI, Global Security News
Best Free and Open Source Software: January 2026 Updates
January 2026 updates to the largest compilation of recommended free and open source software available for Linux. The post Best Free and Open Source Software: January 2026 Updates appeared first on Linux Today.
Apps, Global Security News, Risk Management
Everyone uses open source, but patching still moves too slowly
Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category of technology. Open source has become a default building block in many environments, and the operational risks now look like standard enterprise security problems: patch delays, version sprawl, and aging…
AI, Global Security News
MOS: Open-source modular OS for servers and homelabs
A growing number of homelab builders and small server operators are testing an open source operating system that combines basic server management, storage control, and container services under a web interface. MOS is a free modular OS built on a Devuan base that provides a web UI and API for system monitoring, storage pooling, container…
agentic ai, AI, Cybersecurity, Don't miss, Global Security News, News
OpenClaw Scanner: Open-source tool detects autonomous AI agents
A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies instances of OpenClaw, an autonomous AI assistant also known as MoltBot, that can execute tasks, access local files, and authenticate to internal systems without centralized oversight. OpenClaw gained usage in…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Network Security, Security, Vulnerabilities, Risk Management
Four new vulnerabilities found in Ingress NGINX
Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by upgrading to the latest version. Of the four holes, two are more serious, because they carry CVSS scores of 8.8: CVE-2026-1580 is an improper input validation…
AI, Apps, Global Security News, Network Security, Risk Management
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we’re excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream…
AI, Apps, Exploits, Global Security News, Risk Management
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST) In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the…