Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
Bleeping Computer

Open VSX rotates access tokens used in supply-chain malware attack

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in a supply chain attack.
Ars Technica

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious ...
ZDNet

Trump's AI plan says a lot about open source - but here's what it leaves out

As expected, President Donald Trump's administration recently unveiled Winning the Race: AI Action Plan went all in on liberating AI companies to do what they want to make sure "that the United States ...
Forbes

What Leaders Need To Know About Open-Source Vs. Proprietary Models

HONG KONG, CHINA - JANUARY 28: In this photo illustration, the DeepSeek logo is seen next to the Chat GPT logo on a phone on January 28, 2025 in Hong Kong, China. (Photo illustration by Anthony ...