Tag: open source
44 articles

Flipper Zero Firmware Evolves with Community-Driven Model
The Flipper Zero firmware is getting a boost from its vibrant community, with Flipper Devices shifting to a community-driven model to keep up with the demand from over a million users. This change will allow the company to focus on building innovative new devices while still supporting the official firmware.

Researcher Releases Zero-Day Exploits, Bypassing Disclosure Norms
A pseudonymous security researcher, known as "bikini," has made a bold move by releasing over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects, sparking both interest and concern in the cybersecurity community. The researcher behind the Exploitarium GitHub repository is urging users to explore these vulnerabilities for research purposes only.

Weak RSA Keys Exposed in Widespread Use
Meet the badkeys project, an open-source service that scans public keys for vulnerabilities, which recently uncovered a surprising pattern of weak RSA keys in widespread use. By analyzing a massive dataset of real-world public keys, the team discovered a substantial number of keys with a suspicious structure, featuring regularly spaced blocks of zero bits and random data.

Arch Linux Cracks Down on Malicious Commits in User Repository
Malicious hackers have launched a massive assault on the Arch User Repository, compromising over 1,500 user-submitted packages and forcing the Arch Linux team to temporarily halt new account signups to contain the damage. The attack has been mitigated, but not before highlighting the vulnerability of community-run package repositories.

Microsoft Brings Linux Commands to Windows with Coreutils Release
Microsoft just made life easier for developers who juggle Windows and Linux, releasing Coreutils for Windows, a package that brings commonly used Linux commands to Windows as native apps. This game-changing move eliminates frustrating workarounds and context switching, letting devs focus on what matters most - coding.

Gogs Vulnerability Exposes Open-Source Git Service to RCE Attacks
A critical vulnerability in Gogs, an open-source Git service, has been exposed, leaving users open to remote code execution (RCE) attacks - and an exploit module is already available. The flaw was reported as early as March, but shockingly, the project's maintainers have failed to respond to the researcher ever since.

Flipper Devices Seeks Community Help to Build Open Linux Platform
Join the mission to revolutionize hardware experimentation with Flipper Devices' new Linux platform, Flipper One, a high-performance tool for networking, AI, and radio analysis that's getting a boost from community collaboration. By pooling their expertise, the community can help bring this game-changing platform to life.

AI-Powered Bug Hunters Overwhelm Linux Security List
If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution
A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack
A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

Anthropic's Mythos AI Falls Short in Bug-Hunting Test
Anthropic's highly-hyped Mythos AI failed to impress in a recent bug-hunting test against cURL's codebase, with results that were largely dismissed as overhyped marketing. The limited test, run by cURL developer Daniel Stenberg, revealed that Mythos fell short of expectations.

EU Backs Open-Source Age Verification Tool to Protect Minors Online
The European Commission is taking a major step to safeguard minors online, recommending that EU member states adopt an open-source age verification tool that's easy for online platforms to implement. This move aims to shield kids from harmful content, building on the Digital Markets Act and Digital Services Act to hold big tech accountable.

ClawHub Skills Co-opt AI Agents in Secret Crypto Mining Operation
Meet ClawSwarm, a mysterious crypto mining operation that masquerades as a collection of harmless OpenClaw skills, with 9,800 downloads and counting. Researchers uncovered thirty suspicious skills published by a single user, "imaflytok", on ClawHub, a registry and marketplace for OpenClaw skills.

Cal.com Shifts Away From Open Source Amid AI-Driven Security Concerns
Cal.com is ditching open source, citing AI-driven security risks that make transparent code a liability. Its CEO claims open source is dead, as AI tools empower attackers to exploit published code like never before.

Linux Kernel Faces Large-Scale Device Support Cuts
The Linux kernel is set for a major overhaul, with plans to cut support for dozens of outdated devices, including ancient network cards and legacy parallel-port hardware, freeing up thousands of lines of code and reducing the maintenance burden. This could slash nearly 30,000 lines of code, just from Ethernet device removals alone.

Open Source Models Challenge Dominance in Automated Bug Finding
The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

SGLang Flaw Enables Remote Code Execution via Malicious Model Files
A single malicious file can become a powerful gateway for attackers to run arbitrary commands on vulnerable machines - and a newly disclosed flaw in SGLang, CVE-2026-5760, reveals just how easily this can happen through specially crafted GGUF model files. This highly severe vulnerability, scoring 9.8 out of 10.0, enables remote code execution on systems that trust it.
OpenAI Rushes Updates for Mac Apps After Axios Hack Compromise
OpenAI recently issued urgent updates for its Mac apps after a developer tool inadvertently pulled in a malicious library, highlighting the risks of supply-chain vulnerabilities. Fortunately, the company assured that its systems and software integrity remained intact despite the incident.

Microsoft Abruptly Bans Top Open-Source Developers
Imagine being a leading open-source developer, only to be suddenly and silently locked out of your Microsoft developer account, with no warning, no emails, and no human contact - just automated blocks and a lengthy appeal wait. This is what recently happened to the creators of VeraCrypt and WireGuard, leaving their critical projects in limbo.

Microsoft Disrupts Open-Source Projects with Sudden Account Suspensions
Microsoft's sudden suspension of developer accounts has left maintainers of popular open-source projects locked out, unable to publish crucial security patches and software updates for Windows users. This abrupt move has sparked concern, with many wondering who will keep the digital roof fixed when the people who make the essential tools are shut out.

Linux Kernel Vulnerability Poses Critical Threat
A critical vulnerability in the Linux kernel has been uncovered, putting users at risk of a denial of service attack, and experts are warning of potentially far-reaching consequences. This shocking flaw, found in the ATI Rage 128 driver, highlights the importance of staying vigilant in the face of evolving cybersecurity threats.

consulting GitLab instance: Must-Have Risky Breach Fixes
Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Red Hat repositories Exclusive Critical Leak
Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

Cyber Resilience Act: Must-Have or Risky Regulation
Linux maintainer Greg Kroah‑Hartman pushes back on doomsday takes about the EU’s Cyber Resilience Act, arguing it’s unlikely to upend everyday open‑source work — but adds the real risk comes from fuzzy definitions and heavy‑handed implementation. If regulators carve out volunteers and focus on commercial actors, the CRA could boost software safety without choking the collaborative culture that powers so much of the internet.