Open Source
NVIDIA’s Cosmos 3 Takes Physical AI From Infrastructure Play to Vertical Integration
Open-source foundation model targets $40 trillion robotics market with CUDA-style developer lock-in as unicorn valuations surge past $39 billion.
Longest-Running Supply Chain Poisoning Campaign Hits GitHub, 3,800 Repos Stolen
TeamPCP's self-replicating worm compromised seven waves of open-source infrastructure in nine weeks, evading every CVE scanner and provenance system in production.
Canonical’s 15-Hour DDoS Outage Exposes Critical Vulnerability in Open-Source Supply Chain
Attack on Ubuntu's security infrastructure blocked vulnerability patches across enterprise AI, DevOps, and cloud deployments worldwide.
DeepSeek V4 Release Exposes Limits of US Chip Export Controls as China Claims Frontier AI Parity at 1% of Cost
Open-source model running on Huawei chips challenges proprietary AI pricing while signaling strategic failure of semiconductor containment.
WordPress Plugin Supply Chain Attack Exposes Hundreds of Thousands of Sites
Attacker purchased 31 plugins through marketplace, planted backdoors, then waited eight months before activation—revealing critical gaps in open-source vendor vetting.
Marimo RCE Exploited in 10 Hours, Exposing AI-Accelerated Attack on Data Science Infrastructure
Critical pre-authentication vulnerability in open-source Python notebook weaponised within hours of disclosure, threatening ML pipelines and cloud credentials across enterprise data operations.
Axios npm Attack Exposes Critical Flaw in Open-Source Security Model
Compromised maintainer credentials bypassed GitHub protections to inject remote-access trojan into package with 100 million weekly downloads, revealing systemic npm governance failure.
Axios HTTP Library Compromised in Sophisticated npm Supply Chain Attack
Malicious versions of JavaScript's most-used HTTP client deployed cross-platform RAT to 83 million weekly downloads via hijacked maintainer account.
GitHub Reverses Developer Code Protection, Implements Opt-Out AI Training Starting April 24
Microsoft's subsidiary abandons 2021 commitment to exclude user code from Copilot training as AI profitability pressures mount and regulatory frameworks diverge.
LiteLLM Supply Chain Attack Exposes API Keys Across Enterprise AI Deployments
Compromise of widely-adopted Python package reveals systemic fragility in AI infrastructure as credential stealer reaches 97 million monthly installations.
GitHub’s Geopolitical Exposure Puts Open Source at Risk
Microsoft's ownership and US trade law compliance expose developers worldwide to sanctions and access restrictions, reviving questions about centralized code hosting.
AI Agents Turn Research Interns as Karpathy’s Autoresearch Drops Barrier to Entry
Single-GPU framework automates nanochat training experiments, compressing multi-day research cycles into five-minute runs on consumer hardware.