Skip to main content

Tag: open source

44 articles

Diverse group gathered around workbench with Flipper Zero device and electronics.

Flipper Zero Firmware Evolves with Community-Driven Model

The Flipper Zero firmware is getting a boost from its vibrant community, with Flipper Devices shifting to a community-driven model to keep up with the demand from over a million users. This change will allow the company to focus on building innovative new devices while still supporting the official firmware.

Analyst 207
Cluttered home office workspace with laptop and scattered notes.

Researcher Releases Zero-Day Exploits, Bypassing Disclosure Norms

A pseudonymous security researcher, known as "bikini," has made a bold move by releasing over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects, sparking both interest and concern in the cybersecurity community. The researcher behind the Exploitarium GitHub repository is urging users to explore these vulnerabilities for research purposes only.

Analyst 207
Dimly lit server room with rows of computer servers, cables, and softly glowing screens displaying code amidst shadows.

Weak RSA Keys Exposed in Widespread Use

Meet the badkeys project, an open-source service that scans public keys for vulnerabilities, which recently uncovered a surprising pattern of weak RSA keys in widespread use. By analyzing a massive dataset of real-world public keys, the team discovered a substantial number of keys with a suspicious structure, featuring regularly spaced blocks of zero bits and random data.

Analyst 207
Cluttered home office desk with Linux workstation, notes, and technical books.

Arch Linux Cracks Down on Malicious Commits in User Repository

Malicious hackers have launched a massive assault on the Arch User Repository, compromising over 1,500 user-submitted packages and forcing the Arch Linux team to temporarily halt new account signups to contain the damage. The attack has been mitigated, but not before highlighting the vulnerability of community-run package repositories.

Analyst 207
Developer workspace with Windows laptop, notes, and coding materials, displaying a command-line interface with mixed…

Microsoft Brings Linux Commands to Windows with Coreutils Release

Microsoft just made life easier for developers who juggle Windows and Linux, releasing Coreutils for Windows, a package that brings commonly used Linux commands to Windows as native apps. This game-changing move eliminates frustrating workarounds and context switching, letting devs focus on what matters most - coding.

Analyst 207
Dimly lit server room with rows of computer servers, one server highlighted with a faint red glow.

Gogs Vulnerability Exposes Open-Source Git Service to RCE Attacks

A critical vulnerability in Gogs, an open-source Git service, has been exposed, leaving users open to remote code execution (RCE) attacks - and an exploit module is already available. The flaw was reported as early as March, but shockingly, the project's maintainers have failed to respond to the researcher ever since.

Analyst 207
A Flipper One device sits on a workbench surrounded by development tools and engineering notes.

Flipper Devices Seeks Community Help to Build Open Linux Platform

Join the mission to revolutionize hardware experimentation with Flipper Devices' new Linux platform, Flipper One, a high-performance tool for networking, AI, and radio analysis that's getting a boost from community collaboration. By pooling their expertise, the community can help bring this game-changing platform to life.

Analyst 207
Person working at computer workstation surrounded by Linux notes and documentation.

AI-Powered Bug Hunters Overwhelm Linux Security List

If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.

Analyst 207
Generic computer server or network equipment rack in a data center setting.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution

A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Analyst 207
Software development workspace with laptop, tools, and notes, set against a blurred cityscape with natural light.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack

A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

Analyst 207
Developer workstation with code on laptop, coffee, and notes, with a large open-source project repository in the blurred…

Anthropic's Mythos AI Falls Short in Bug-Hunting Test

Anthropic's highly-hyped Mythos AI failed to impress in a recent bug-hunting test against cURL's codebase, with results that were largely dismissed as overhyped marketing. The limited test, run by cURL developer Daniel Stenberg, revealed that Mythos fell short of expectations.

Analyst 207
A tablet sits on a neutral surface with a blurred cityscape in the background.

EU Backs Open-Source Age Verification Tool to Protect Minors Online

The European Commission is taking a major step to safeguard minors online, recommending that EU member states adopt an open-source age verification tool that's easy for online platforms to implement. This move aims to shield kids from harmful content, building on the Digital Markets Act and Digital Services Act to hold big tech accountable.

Analyst 207
Cluttered computer workstation with laptop, cables, and mining equipment, faint code visible on screen.

ClawHub Skills Co-opt AI Agents in Secret Crypto Mining Operation

Meet ClawSwarm, a mysterious crypto mining operation that masquerades as a collection of harmless OpenClaw skills, with 9,800 downloads and counting. Researchers uncovered thirty suspicious skills published by a single user, "imaflytok", on ClawHub, a registry and marketplace for OpenClaw skills.

Analyst 207
Person holding a blueprint of a bank vault in a modern office setting.

Cal.com Shifts Away From Open Source Amid AI-Driven Security Concerns

Cal.com is ditching open source, citing AI-driven security risks that make transparent code a liability. Its CEO claims open source is dead, as AI tools empower attackers to exploit published code like never before.

Analyst 207
Older computer network card centered on a neutral surface with soft ambient light.

Linux Kernel Faces Large-Scale Device Support Cuts

The Linux kernel is set for a major overhaul, with plans to cut support for dozens of outdated devices, including ancient network cards and legacy parallel-port hardware, freeing up thousands of lines of code and reducing the maintenance burden. This could slash nearly 30,000 lines of code, just from Ethernet device removals alone.

Analyst 207
Speaker at podium in conference setting with blurred audience and gradient visuals on screen.

Open Source Models Challenge Dominance in Automated Bug Finding

The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

Analyst 207
Dark scene with broken padlock, circuit boards, and laptop screen displaying malicious model file in shadows.

SGLang Flaw Enables Remote Code Execution via Malicious Model Files

A single malicious file can become a powerful gateway for attackers to run arbitrary commands on vulnerable machines - and a newly disclosed flaw in SGLang, CVE-2026-5760, reveals just how easily this can happen through specially crafted GGUF model files. This highly severe vulnerability, scoring 9.8 out of 10.0, enables remote code execution on systems that trust it.

Analyst 207

OpenAI Rushes Updates for Mac Apps After Axios Hack Compromise

OpenAI recently issued urgent updates for its Mac apps after a developer tool inadvertently pulled in a malicious library, highlighting the risks of supply-chain vulnerabilities. Fortunately, the company assured that its systems and software integrity remained intact despite the incident.

Analyst 207
Diverse group of open-source developers blocked by a faceless figure at a locked gate.

Microsoft Abruptly Bans Top Open-Source Developers

Imagine being a leading open-source developer, only to be suddenly and silently locked out of your Microsoft developer account, with no warning, no emails, and no human contact - just automated blocks and a lengthy appeal wait. This is what recently happened to the creators of VeraCrypt and WireGuard, leaving their critical projects in limbo.

Analyst 207
Locked rusty gate in front of ominous tech company HQ at dusk with scattered, wilting open-source symbols nearby.

Microsoft Disrupts Open-Source Projects with Sudden Account Suspensions

Microsoft's sudden suspension of developer accounts has left maintainers of popular open-source projects locked out, unable to publish crucial security patches and software updates for Windows users. This abrupt move has sparked concern, with many wondering who will keep the digital roof fixed when the people who make the essential tools are shut out.

Analyst 207
Linux Kernel Vulnerability Poses Critical Threat

Linux Kernel Vulnerability Poses Critical Threat

A critical vulnerability in the Linux kernel has been uncovered, putting users at risk of a denial of service attack, and experts are warning of potentially far-reaching consequences. This shocking flaw, found in the ATI Rage 128 driver, highlights the importance of staying vigilant in the face of evolving cybersecurity threats.

Analyst 207
consulting GitLab instance: Must-Have Risky Breach Fixes

consulting GitLab instance: Must-Have Risky Breach Fixes

Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Analyst 207
Red Hat repositories Exclusive Critical Leak

Red Hat repositories Exclusive Critical Leak

Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

Analyst 207
Cyber Resilience Act: Must-Have or Risky Regulation

Cyber Resilience Act: Must-Have or Risky Regulation

Linux maintainer Greg Kroah‑Hartman pushes back on doomsday takes about the EU’s Cyber Resilience Act, arguing it’s unlikely to upend everyday open‑source work — but adds the real risk comes from fuzzy definitions and heavy‑handed implementation. If regulators carve out volunteers and focus on commercial actors, the CRA could boost software safety without choking the collaborative culture that powers so much of the internet.

Analyst 207