Microsoft has cut off access to dozens of its open-source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code. Many of the affected projects…
CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers. The…
In an ongoing cyberattack, hackers have compromised several popular open source projects that software developers all over the world rely on. On Tuesday, cybersecurity firms StepSecurity and SafeDep warned of the latest wave of supply-chain…
Grafana Labs, the maker of its eponymous popular open source web visualization software, confirmed it had been hacked but that it refused to pay the hackers who had threatened to release the company’s codebase. In…
Earlier this week, hackers hijacked several open source projects used by dozens of companies and pushed updates designed to spread malware. This is the latest in a string of recent so-called “supply chain” attacks targeting…
A North Korean cyberattack that last Monday briefly hijacked one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the…
Social community platform Discord is preparing to require users to verify their age by the second half of 2026, and users are concerned about the privacy of uploading a government ID or face scan to…
The developer of the popular open-source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025. In a blog post published…
OpenSNP, a large open source repository for user-uploaded genetic data, will shut down and delete all of its data at the end of April, co-founder Bastian Greshake Tzovaras has confirmed. In a blog post, openSNP’s…
There are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III…