Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...
InfoWorld

IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise

The $5 billion Project Lightwell initiative combines AI systems with 20,000 engineers to deliver validated fixes directly ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
The Hacker News

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of ...
cybernews

100K stars in a day: Claw-code based on leaked Claude Code smashes GitHub record

Claw-code, a clean slate rewrite of leaked Claude Code, is now the fastest growing GitHub repository, reaching 100K stars in one day. Anthropic is trying to contain the genie released from the bottle, ...
the-decoder

OpenAI acquires Astral to bring Python's most popular dev tools into its Codex AI coding platform

OpenAI is acquiring Astral, the company behind the widely used Python tools Ruff, uv, and ty. Astral founder Charlie Marsh announced that his team is joining OpenAI's Codex team, the company's ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Ars Technica

AI can rewrite open source code—but can it rewrite the license, too?

Computer engineers and programmers have long relied on reverse engineering as a way to copy the functionality of a computer program without copying that program’s copyright-protected code directly.
theregister

Chardet dispute shows how AI will kill software licensing, argues Bruce Perens

Earlier this week, Dan Blanchard, maintainer of a Python character encoding detection library called chardet, released a new version of the library under a new software license. In doing so, he may ...
TechRadar

Best IDE for Python of 2026

We list the best IDE for Python, to make it simple and easy for programmers to manage their Python code with a selection of specialist tools. An Integrated Development Environment (IDE) allows you to ...