Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...

The open source community has already started toimprove the code Milla posted of the best AI memory system in the world. That ...

Recho Notebook, an ITP thesis project by Bairui Su (ITP '25), is a new open-source coding environment designed for algorithms and ASCII art.

Intelligence officials and industry are weighing how Claude Mythos Preview could reshape hacking and cyberdefense. The ...

A 10/10 Flowise bug was patched, but is now being abused in the wild.

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...

In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...