Celine Pypaert discusses the ubiquitous nature of open-source software and shares a blueprint for securing modern ...
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of ...
Security leaders often assume patching failures stem from technical limitations. In reality, many of the most disruptive patching delays originate from coordination breakdowns across teams, tools, and ...
PALO ALTO, CA, UNITED STATES, March 19, 2026 /EINPresswire.com/ — TuxCare, a global innovator in securing open source, today announced a major expansion of its ...
A supply chain attack campaign is spreading invisible malicious code across GitHub, npm, and the VS Code extension marketplace, with more than 151 compromised repositories identified so far. According ...
Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems. Threat ...
The mean number of open-source vulnerabilities per codebase doubled in the past year, according to the annual Black Duck Open Source Software and Risk Analysis (OSSRA) report released Wednesday. The ...
RIDGEFIELD, CT, February 18, 2026 (EZ Newswire) -- Kusari, a leading innovator in software supply chain security and SBOM management, today released "Application Security in Practice," ...
This transcript was created using speech recognition software. While it has been reviewed by human transcribers, it may contain errors. Please review the episode audio before quoting from this ...
Since v1.52.0, opentelemetry-exporter-sender-okhttp and opentelemetry-sdk-extension-jaeger-remote-sampler started to depend on okhttp 5.x. If my application still needs to depend on okhttp 4.x, I will ...
Shai Hulud, named after the sandworms from the Dune universe, is a sophisticated worm that spread through over 1,000 npm packages. This attack represents one of the largest supply chain attacks ...