ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
InfoWorld

Beyond NPM: What you need to know about JSR

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.

The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...
CSO Online

Open source maintainers being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...
Game Rant

ARC Raiders Players Find Yet Another Game-Breaking Exploit

After completing a degree in Film, Television, and Cultural Studies at Manchester Metropolitan University, I decided to pursue my love of writing and video games by entering the world of video game ...
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
ZDNet

10 open-source apps I recommend every Windows user download - for free

If Windows is your preferred operating system, consider these open-source apps. There are numerous open-source apps available for almost any task. These are all free to install and use on Windows.
The Hill

Why 7 GOP senators voted against bill to keep government open past Friday

Seven Republican senators on Thursday voted against advancing a six-bill funding package to keep the government open past Friday, citing concerns about the ballooning federal deficit and what they saw ...
The Hill

GOP senators open to splitting off DHS funding to pass other key spending bills

A group of Republican senators is open to splitting the Homeland Security appropriations measure off from a six-bill government funding package that needs to pass by Friday to avoid a partial ...