The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

Designed by Yutani, the Saturnix is an open-source DIY camera project with a Raspberry Pi Zero 2W and Arducam IMX519 camera ...

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Thinking about learning Python coding online? It’s a solid choice. Python is pretty straightforward to pick up, ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

Mozilla AI has launched cq, an open-source platform described as Stack Overflow for AI agents, sparking immediate security ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...