Open Source
WordPress Plugin Supply Chain Attack Exposes Hundreds of Thousands of Sites
Attacker purchased 31 plugins through marketplace, planted backdoors, then waited eight months before activation—revealing critical gaps in open-source vendor vetting.
Marimo RCE Exploited in 10 Hours, Exposing AI-Accelerated Attack on Data Science Infrastructure
Critical pre-authentication vulnerability in open-source Python notebook weaponised within hours of disclosure, threatening ML pipelines and cloud credentials across enterprise data operations.
Axios npm Attack Exposes Critical Flaw in Open-Source Security Model
Compromised maintainer credentials bypassed GitHub protections to inject remote-access trojan into package with 100 million weekly downloads, revealing systemic npm governance failure.
Axios HTTP Library Compromised in Sophisticated npm Supply Chain Attack
Malicious versions of JavaScript's most-used HTTP client deployed cross-platform RAT to 83 million weekly downloads via hijacked maintainer account.
GitHub Reverses Developer Code Protection, Implements Opt-Out AI Training Starting April 24
Microsoft's subsidiary abandons 2021 commitment to exclude user code from Copilot training as AI profitability pressures mount and regulatory frameworks diverge.
LiteLLM Supply Chain Attack Exposes API Keys Across Enterprise AI Deployments
Compromise of widely-adopted Python package reveals systemic fragility in AI infrastructure as credential stealer reaches 97 million monthly installations.
GitHub’s Geopolitical Exposure Puts Open Source at Risk
Microsoft's ownership and US trade law compliance expose developers worldwide to sanctions and access restrictions, reviving questions about centralized code hosting.
AI Agents Turn Research Interns as Karpathy’s Autoresearch Drops Barrier to Entry
Single-GPU framework automates nanochat training experiments, compressing multi-day research cycles into five-minute runs on consumer hardware.
Alibaba’s Qwen AI Division Hemorrhages Talent as Three Senior Leaders Exit in 90 Days
Just 24 hours after shipping its flagship Qwen 3.5 models to global acclaim, Alibaba's AI unit lost its tech lead and two researchers—raising existential questions about open-source strategy versus commercial pressure.
Emuko: Fast RISC-V Emulator in Rust Boots Linux, Showcases Open Architecture’s Growing Momentum
New JIT-compiled emulator demonstrates practical RISC-V development capabilities as the open-source architecture reaches 25% of new chip designs.
RetroTick Brings Windows 95-Era Gaming to the Browser Without Installation
Open-source x86 emulator launches with drag-and-drop support for classic executables, targeting gap between DOS emulators and full retro consoles.