The maker of ChatGPT wants to make open-source projects less of a security bargain

As AI tools flood open-source maintainers with low quality bug reports, OpenAI's new Patch the Planet initiative aims to ...
Israel Defense

Hundreds of Open Source Projects Exposed to CI/CD Attack Pattern

A new supply chain vulnerability pattern could be quietly affecting hundreds of open source projects, according to research from Israeli AI security start-up Novee Security.The firm has dubbed the ...
InfoWorld

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
Cryptopolitan on MSN

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft ...

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
Developer Tech

OpenAI deploys GPT-5.5-Cyber for open-source vulnerability fixes

OpenAI has deployed GPT-5.5-Cyber to execute automated open-source vulnerability remediation alongside security firm Trail of ...
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
OSTechNix

Linux Kernel 7.2 43 Million Lines of Code

Linux 7.2-rc1 hits 43 million source lines. We ran cloc, tokei, scc, and wc -l and explain exactly why each tool gives a ...

OpenAI: Yoo-hoo, look over here, we do that security stuff too!

Speaking of Codex: OpenAI on Monday released a Codex Security plugin⁠ that the company says “enables out-of-the-box defensive ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Opinion
Database Trends and ApplicationsOpinion

Chainguard Repository 2.0 Delivers Security and Compliance Updates

Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts-helping organizations govern software consumption ...