OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Florida Python Challenge: Help protect Florida’s ecosystem

The annual Florida Python Challenge has returned, with registered participants competing for a share of $25,000 in prizes.
The Next Web

Project Glasswing partners can now share Mythos findings beyond the programme

Anthropic will allow Project Glasswing partners to share Mythos cybersecurity findings with other companies, regulators, open-source maintainers and the media, subject to responsible-disclosure norms.

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...