10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
InfoQOpinion

Leading Open Source Author Calls for Verification over Trust in Software Supply Chains

In a blog post published in March 2026, Daniel Stenberg, creator and lead developer of curl, makes the case that the software ...
New Scientist

NHS England rushes to hide software over AI hacking fears

National Health Service rules state that all software created with public money should be publicly available, but fears of ...

Microsoft open-sources “the earliest DOS source code discovered to date”

For students of early PC history, this isn’t even the first piece of 86-DOS history that has been newly rediscovered this ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

11 Free And Open-Source Apps Every Mac User Needs To Try

Major operating systems sometimes leave out features users love. That's where these free, open-source app selections come in ...
TMCnet

Chainguard Joins FINOS to Accelerate Trusted Open Source Adoption for Financial Services in the AI Era

Chainguard to contribute expertise in software supply chain security, governance, and secure open source adoption KIRKLAND, Wash., May 11, 2026 /PRNewswire/ -- Chainguard, the trusted source for open ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Sonatype and Package Registry Leaders Unite to Address Open Source Sustainability Crisis

Sonatype ®, the leader in AI-driven DevSecOps and steward of Maven Central, today announced its participation as a founding member of the newly-formed Sustaining Package Registries Working Group.