Open Source

Open Source | News, how-tos, features, reviews, and videos

Latest from today

News
Image

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing credential stealing malware.

By Lucian Constantin
6 mins
CyberattacksCybercrimeOpen Source
News
Image

Internet Bug Bounty program hits pause on payouts

By Maxwell Cooter
2 mins
BugsOpen SourceVulnerabilities
News
Image

Stop using AI to submit bug reports, says Google

By Maxwell Cooter
2 mins
Artificial IntelligenceOpen SourceSoftware Development
News

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

By Taryn Plumb
5 mins
CyberattacksCybercrimeOpen Source
News

Compromised npm package silently installs OpenClaw on developer machines

By Taryn Plumb
5 mins
Artificial IntelligenceOpen SourceVulnerabilities
News

Open source maintainers being targeted by AI agent as part of ‘reputation farming’

By John E. Dunn
4 mins
Artificial IntelligenceOpen SourceRisk Management
News

Researchers unearth 30-year-old vulnerability in libpng library

By John Leyden
3 mins
Open SourceSecurityVulnerabilities
News

Spam flooding npm registry with token stealers still isn’t under control

By Howard Solomon
7 mins
Application SecurityDevelopment ToolsOpen Source
News

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

By Taryn Plumb
6 mins
CybercrimeDevelopment ToolsMalware

Articles

news

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

By Howard Solomon
Oct 30, 2025 6 mins
Open SourceSecuritySoftware Development
news

Warning: Hackers have inserted credential-stealing code into some npm libraries

‘This is a new frontier’ of malware in open source repositories, says one expert.

By Howard Solomon
Sep 16, 2025 6 mins
Application SecurityMalwareOpen Source
news analysis

Researchers uncover RCE attack chains in popular enterprise credential vaults

Open-source credential management systems HashiCorp Vault and CyberArk Conjur had flaws enabled remote code execution among other attacks.

By Lucian Constantin
Aug 6, 2025 9 mins
Identity and Access ManagementNetwork SecurityOpen Source
news

Supply chain attack compromises npm packages to spread backdoor malware

Phishing attacks on package maintainer accounts led to infected JavaScript type testing utilities.

By John E. Dunn
Jul 24, 2025 5 mins
MalwareOpen SourceSupply Chain
brandpostSponsored by CA Veracode

Get a Jump on Reducing Your Open Source Software Security Risks

Aug 31, 2018 5 mins
Open SourceSecurity
news

GitHub secrets: Deleted files still pose risks

By leveraging Git’s version control features, one can retrieve deleted files and the sensitive content within.

By Shweta Sharma
Apr 24, 2025 3 mins
Open SourceSecurityVulnerabilities
news

Thousands of open source projects at risk from hack of GitHub Actions tool

Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.

By Howard Solomon
Mar 17, 2025 1 min
Data BreachOpen SourceVersion Control Systems
news analysis

Python administrator moves to improve software security

The popular programming language has added a way to check for malware-laded packages.

By David Strom
Jan 23, 2025 5 mins
MalwareOpen SourceSoftware Development
news

Open source package entry points could be used for command jacking

Threat actors could use these supply chain attacks to compromise applications, says Checkmarx.

By Howard Solomon
Oct 14, 2024 7 mins
Open SourceSecurityVulnerabilities
news analysis

Malicious open-source software packages have exploded in 2024

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks.

By Lucian Constantin
Oct 14, 2024 6 mins
MalwareOpen SourceThreat and Vulnerability Management
feature

How CISOs can tackle the pernicious problem of poisoned packages

Primary code repositories are a godsend for software developers but offer easy access for threat actors to deliver malware. Experts say CISOs should scan for threats and be aware of the dangers.

By Cynthia Brumfield
Aug 20, 2024 8 mins
Cloud SecurityDevSecOpsOpen Source
news

New critical Apache OFBiz vulnerability patched as older flaw is actively exploited

Researchers discovered a new RCE flaw while analyzing the patch for a different flaw currently targeted by attackers. As the fifth critical flaw this year for the ERP framework, users are urged to update ASAP.

By Lucian Constantin
Aug 5, 2024 3 mins
Open SourceVulnerabilities
news

Docker re-fixes a critical authorization bypass vulnerability

Although a patch was issued for a previous version, subsequent versions did not include it, leading to regression.

By Shweta Sharma
Jul 25, 2024 3 mins
Open SourceVulnerabilities
View all

Resources

whitepaper

From migration to transformation: A fireside chat with Expedia and Santander

Moving to Atlassian cloud is just the beginning; the real value comes from what happens next. In this customer conversation, hear firsthand from Expedia and Santander.

The post From migration to transformation: A fireside chat with Expedia and Santander appeared first on Whitepaper Repository -.

By Atlassian
14 May 2026
Business OperationsCloudDigital Transformation
Image
whitepaper

A cloud platform built for every organization

By Atlassian
14 May 2026
Business OperationsCloudDigital Transformation
Image
whitepaper

Accelerate your cloud migration with Atlassian FastShift

By Atlassian
14 May 2026
Business OperationsCloudDigital Transformation
Image
View all

Video on demand

video

How to send Slack messages with R

In this episode of Do More With R, Sharon shows you how to send Slack messages using R. It may not seem helpful at first, but there's plenty of uses. You can even use it to notify yourself or others when a lengthy R script finishes running.

Jun 19, 2019 8 mins
JavaOpen Source
See all videos