SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...
The Manila Times

Weaviate Launches Agent Skills to Empower AI Coding Agents

The new open-source repository delivers structured skills, slash commands, and production-ready cookbooks to reduce AI coding errors and speed up Weaviate-based application development.
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Nextgov

Bypassing Procurement Can Introduce Some Unwanted Visitors

The federal IT procurement safety net may be developing some holes. Many federal developers are forgoing traditional software purchasing in favor of going directly to the source and downloading code ...
Bleeping Computer

Open-source repositories flooded by 144,000 phishing packages

Unknown threat actors have uploaded a massive 144,294 phishing-related packages on open-source package repositories, inluding NPM, PyPi, and NuGet. The large-scale attack resulted from automation, as ...