open-source software – Experimental News Clipping Site

Krebs on Security: 18 Popular Code Packages Hacked, Rigged to Steal Crypto

Sep 8, 2025

—

by

Source URL: https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/ Source: Krebs on Security Title: 18 Popular Code Packages Hacked, Rigged to Steal Crypto Feedly Summary: At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The…

Cloud Blog: How Baseten achieves 225% better cost-performance for AI inference (and you can too)

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/ai-machine-learning/how-baseten-achieves-better-cost-performance-for-ai-inference/ Source: Cloud Blog Title: How Baseten achieves 225% better cost-performance for AI inference (and you can too) Feedly Summary: Baseten is one of a growing number of AI infrastructure providers, helping other startups run their models and experiments at speed and scale. Given the importance of those two factors to its customers,…

Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…

The Register: WhatsApp warns of ‘attack against specific targeted users’

Sep 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/01/infosec_in_brief/ Source: The Register Title: WhatsApp warns of ‘attack against specific targeted users’ Feedly Summary: PLUS: Microsoft ends no-MFA Azure access; WorkDay attack diverts payments; FreePBX warns of CVSS 10 flaw; and more Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted…

Slashdot: Defense Department Reportedly Relies On Utility Written by Russian Dev

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://tech.slashdot.org/story/25/08/27/2026245/defense-department-reportedly-relies-on-utility-written-by-russian-dev?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Defense Department Reportedly Relies On Utility Written by Russian Dev Feedly Summary: AI Summary and Description: Yes Summary: The article highlights concerns over the fast-glob utility, widely used in Node.js applications, particularly within U.S. Department of Defense systems. Maintained by a Russian developer with ties to Yandex, the lack…

The Register: Putin on the code: DoD reportedly relies on utility written by Russian dev

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/popular_nodejs_utility_used_by/ Source: The Register Title: Putin on the code: DoD reportedly relies on utility written by Russian dev Feedly Summary: Fast-glob is widely used in government, security lab says A Node.js utility used by thousands of public projects – and more than 30 Department of Defense ones – appears to have a sole…

The Register: Nx NPM packages poisoned in AI-assisted supply chain attack

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/ Source: The Register Title: Nx NPM packages poisoned in AI-assisted supply chain attack Feedly Summary: Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM…

Slashdot: Arch Linux Faces ‘Ongoing’ DDoS Attack

Aug 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://linux.slashdot.org/story/25/08/23/0513229/arch-linux-faces-ongoing-ddos-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Arch Linux Faces ‘Ongoing’ DDoS Attack Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a DDoS attack on the Arch Linux community, emphasizing the security challenges faced by volunteer-driven projects and their reliance on external hosting and infrastructure. It highlights the ongoing mitigation efforts by the…

The Register: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/ Source: The Register Title: Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in Feedly Summary: Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux…

Slashdot: Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/09/1947230/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities Source: Slashdot Title: Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities Feedly Summary: AI Summary and Description: Yes Summary: Google’s Big Sleep, an LLM-based vulnerability researcher, reported 20 vulnerabilities in popular open-source software, marking a significant advancement in automated vulnerability discovery. This highlights the increasing efficacy of AI tools in…

Tag: open-source software