Over two dozen organizations built a shared platform to triage vulnerabilities, fix them, and secure the software before patches arrive.
The post Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure appeared first on SecurityWeek.
Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.
The post IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” appeared first on SecurityWeek.
The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response.
The post Cisco Releases Open Source Tool for AI Model Provenance appeared first on SecurityWeek.
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek.
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
Anthropic, AWS, Google, Microsoft, and OpenAI fund the Linux Foundation’s long-term security initiatives focused on open source software.
The post Tech Giants Invest $12.5 Million in Open Source Security appeared first on SecurityWeek.
Codex Security, formerly Aardvark, has found hundreds of critical vulnerabilities in tested software in the past month.
The post OpenAI Rolls Out Codex Security Vulnerability Scanner appeared first on SecurityWeek.
Quantickle is a browser-based tool designed for creating visual representations of threat research.
The post RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool appeared first on SecurityWeek.
From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting.
The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek.
Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities.
The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek.