10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
New Scientist

Backlash builds over NHS plan to hide source code from AI hacking risk

NHS England is pulling its open-source software from the internet because of fears around computer-hacking AI models like ...
MIT Technology Review

The Download: inside the Musk v. Altman trial, and AI for democracy

Plus: The Pentagon has struck sweeping AI deals for classified work. This is today's edition of The Download, our weekday ...
Decrypt

Someone Built an Open-Source 'Theoretical Mythos' to Reverse-Engineer Anthropic's Most Dangerous AI

OpenMythos is a from-scratch attempt to reconstruct the architecture behind Claude Mythos, the model Anthropic refuses to ...

Linux vulnerability "Copy Fail" is already being attacked

The Linux "Copy Fail" vulnerability, which grants attackers root privileges, became known before the weekend. It is already ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
TMCnet

SAS expands SAS Viya with governed AI assistants and agentic AI capabilities

SAS, a global leader in data and AI, today announced expansions to SAS ® Viya ® that advance the platform's agentic AI ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...