A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Advancing Open Source Patent Protection: Preservation of OIN 2.0 Source Code

Open Invention Network (OIN), the only organization dedicated to mitigating patent risk in open source software (OSS), today announced the preservation of the source code that makes up OIN 2.0’s Linux ...
Hosted on MSN

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...
Guru3D

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...

GitHub Hack Scare: Attackers Claim They Stole Internal Source Code, Thousands of Private Repositories Now Up for Sale

A major cyber scare has hit GitHub, with hackers from TeamPCP claiming they accessed nearly 4,000 private repositories, ...

Moderne Introduces Changelog to Bridge Source Control and Change Control for AI-Driven, Multi-Repository Software Engineering

Moderne, the Agent Tools company for AI-driven software engineering, today announced Moderne Changelog, a new capability that gives engineering teams and AI coding agents unified visibility over pull ...