Open source malware up 140 percent


The latest OS Malware Index from Sonatype shows a 140 percent surge in open source malware as attackers target data and trusted dependencies.
The index is compiled from analysis of 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019.
Google builds new AI agent to improve code security


Google has released information on a new AI-powered agent that automatically improves code security by fixing critical software vulnerabilities.
CodeMender has been built over the past six months and the company has already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.
Securing Kubernetes in the enterprise [Q&A]


As more organizations scale up containerized workloads they’re also facing increasing security and compliance challenges.
We spoke to Kim McMahon, part of the leadership team at Sidero Labs, to discuss the vulnerabilities enterprises are encountering when scaling up Kubernetes on traditional operating systems and what they can do to counter them.
New fully open and transparent large language model launches -- it’s Swiss, of course


The Swiss have something of a reputation for being methodical -- particularly when it comes to things like banking -- so it’s no surprise that they take a similar approach to creating a large language model.
EPFL, ETH Zurich and the Swiss National Supercomputing Centre (CSCS) have today released Apertus, a large-scale, open, multilingual LLM. The name Apertus -- Latin for ‘open’ -- highlights its distinctive feature: the entire development process, including its architecture, model weights, and training data and recipes, is openly accessible and fully documented.
Linux Foundation warns Europe risks falling behind without stronger open source strategy


The Linux Foundation has released the 2025 World of Open Source Europe Report, describing open source as a strategic advantage for Europe but warning that a lack of cohesive strategy, leadership buy-in, and policy alignment could hold the continent back. The report, presented at the Open Source Summit Europe, draws on insights from more than 300 IT leaders.
The report found that open source is not just widely adopted but has become essential to Europe’s digital sovereignty. Despite this, the study warns that without deeper investment, stronger executive commitment, and policy frameworks that encourage innovation, Europe risks falling short of its potential to lead in global open innovation.
xAI makes Grok 2.5 open source and plans the same for Grok 3

Microsoft says that it will make WinUI ‘truly’ open source


Microsoft has announced that it has plans for “truly open sourcing” WinUI, the user interface framework that is embedded in Windows. Although no specific timeframe has been mentioned, the company is “actively working toward it”.
Pointing out that making the WinUI repository open source is not just a “flip-the-switch moment” but a “deliberate process”, Microsoft lead software engineer Beth Pan says that the process is a complicated one. This is part of the reason for not being willing to commit to a specific end date for any particular milestone.
Free tool uncovers API vulnerabilities


According to Verizon’s 2025 Data Breach Investigations Report, API-related breaches have increased nearly 40 percent year-on-year, with broken authorization cited as one of the most exploited flaws.
Now, though, Intruder, a leader in attack surface management, has launched Autoswagger -- a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities.
Decentralization and why it's a turning point for tech [Q&A]


Mainstream developers and users are increasingly seeking alternatives to big tech’s centralized servers and cloud-based systems.
Issues like data breaches, censorship, and monopolization are driving this trend. We spoke to Mathias Buus Madsen, CEO of Holepunch, about why decentralization matters and how we can expect the trend to develop.
Chaos RAT malware strikes Linux and Windows as hackers exploit its flaws


Chaos RAT is back and causing trouble on Linux and Windows systems. This open source remote access tool was once pitched as a legitimate way to manage computers remotely. Now, it is being used to spy on users, steal data, and possibly set the stage for ransomware. But in an ironic twist, attackers are now turning the tables and exploiting Chaos RAT itself.
Originally written in Go and designed for cross-platform compatibility, Chaos RAT has evolved from a basic tool into a very dangerous piece of malware. It has been spotted in real-world attacks, including a recent sample disguised as a Linux network utility. Victims were likely tricked into downloading a fake troubleshooting tool containing the malware.
Confidence in software supply chain security at odds with actual readiness


New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. 68 percent are more realistic, noting they feel uncertain about achieving this near-impossible outcome.
The study from Lineaje, carried out among RSA attendees, also shows that while software bill of materials (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.
ARM is the future and Armbian 25.5 is the Linux-based OS ready for it


Armbian 25.5 is here, and it looks like a quality operating system release for anyone messing around with ARM-based boards. The Linux distribution brings better hardware support, smarter configuration tools, and more.
This update adds support for more single-board computers, including the TI SK-AM69, Banana Pi M2+, BeagleBone AI-64, BeaglePlay, and PocketBeagle2. That covers both newer devices and older ones that still have life left in them. Armbian’s not leaving legacy users behind, which is refreshing.
Linux 6.15 brings new hardware support and bcachefs improvements


Linus Torvalds has officially released version 6.15 of the Linux kernel. While this update doesn’t include anything flashy or headline-grabbing, it continues the steady evolution of the most important open source kernel in the world.
As usual, driver updates make up the bulk of changes. Linux 6.15 brings better support for modern hardware, including fixes for newer Lenovo and HP laptops, updates to Allwinner and Rockchip boards, and expanded controller support in the xpad driver.
Kick off this Memorial Day weekend by replacing Windows 11 with NixOS 25.05


Memorial Day weekend is finally here! Most folks are obviously thinking about barbecues, beach trips, and most importantly, honoring members of the military that lost their lives defending this great nation.
However, there’s another way to celebrate freedom -- ditching Windows 11 for Linux. Yes, you can install something that actually respects your control and privacy. NixOS 25.05 “Warbler” has just landed, and it’s a perfect excuse to finally make the switch.
Free open-source Woodpecker aims to make red-teaming more accessible


Runtime AI defense platform Operant AI is launching Woodpecker, an open-source, automated red teaming engine that isn't for the birds but aims to make advanced security testing accessible to organizations of all sizes.
As organizations increasingly adopt complex cloud-native applications and AI technologies, security vulnerabilities have become more sophisticated and challenging to detect. Woodpecker is designed to help organizations proactively detect and address security vulnerabilities across AI systems, Kubernetes environments, and APIs.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.