Hosted on MSN

Trellix just admitted hackers broke into its own source-code repository — exposing the cybersecurity firm’s internal tools to outsiders

A cybersecurity company trusted to guard some of the largest networks in the country has confirmed that hackers penetrated its own source-code repository. Trellix, whose endpoint detection and ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Benzinga.com

China's DeepSeek To Open-Source Key Code Repositories In A Bid For Full Transparency

AI startup DeepSeek announced plans to open-source five of its code repositories, a move aimed at fostering transparency and community-driven innovation. A code repository is a centralized storage ...
TechCrunch

DeepSeek to open source parts of online services code

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week. DeepSeek will open source five code repositories that have been ...

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...
Ars Technica

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...