Dark Reading

Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

A pair of security vulnerabilities discovered in the GitHub environments of two very popular open source projects from Apache and Google could be used to stealthily modify project source code, steal ...
Morning Overview on MSN

Vibe coding’s downsides are piling up, especially for open-source projects

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...
Bleeping Computer

Popular open source project Moq criticized for quietly collecting data

Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over ...

What Anthropic’s Massive 500,000-Line Source Code Leak Reveals About Claude

Leaked Claude Code internals detail Undercover Mode to hide AI commits and a YOLO classifier that decides when user approval is required.
Infosecurity-magazine.com

Majority of Critical Open Source Projects Contain Memory Unsafe Code

More than half (52%) of critical open source projects contain code written in a memory-unsafe language, according to a new analysis by the Cybersecurity and Infrastructure Security Agency (CISA) in ...
Bleeping Computer

CISA: Most critical open source projects not using memory safe code

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned ...