COSMICBYTEZLABS
© 2026 CosmicBytez Labs. All rights reserved.

31 articles

#Open Source

All CosmicBytez Labs articles tagged #Open Source, across news, security advisories, how-to guides, and projects.

  • News, May 28, 2026

    IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under "Project Lightwell"

    IBM and Red Hat unveil Project Lightwell, a $5B commitment to securing open-source supply chains by fixing vulnerabilities without breaking production.

  • News, May 27, 2026

    Apple Open-Sources Quantum-Resistant Encryption Code

    Apple has open-sourced its implementations of two NIST-standardized quantum-secure algorithms — ML-KEM and ML-DSA — including formal verification tooling that...

  • News, May 27, 2026

    CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Supply Chain

    CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet, stripping operators of infrastructure used to inject malware into OSS packages.

  • News, May 27, 2026

    Gitea Vulnerability Exposes Private Container Images without Authentication

    A Gitea flaw lets unauthenticated remote attackers pull private container images from self-hosted deployments with no account or credentials required.

  • News, May 27, 2026

    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and Shadowserver simultaneously disrupted GlassWorm C2 channels, ending a supply-chain campaign targeting developers via packages.

  • News, May 27, 2026

    Open Source DockSec Uses AI to Cut Through Vulnerability

    DockSec, an OWASP incubator project, combines multiple container security scanners with AI-generated plain-English remediation guidance and exact Dockerfile...

  • News, May 26, 2026

    The Hackers Behind Shai-Hulud: Lucky or Skilled?

    TeamPCP's Shai-Hulud worm inflicted serious damage on the open source ecosystem — but a close look at their operations raises the question of whether their...

  • News, May 23, 2026

    npm Adds 2FA-Gated Publishing and Package Install Controls

    GitHub has rolled out new security controls for npm including staged publishing with 2FA approval requirements and package install policies, giving...

  • News, May 21, 2026

    Socket Raises $60 Million at $1 Billion Valuation

    Supply chain security startup Socket has raised $60 million in a new funding round, valuing the company at $1 billion. The capital will expand Socket's...

  • News, May 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • News, May 14, 2026

    PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours

    Threat actors began exploiting CVE-2026-44338, a missing authentication flaw in the PraisonAI multi-agent orchestration framework, within just four hours...

  • News, May 12, 2026

    Worm Redux: Fresh Mini Shai-Hulud Infections Bite npm

    Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...

  • News, May 9, 2026

    JDownloader Site Hacked to Replace Installers with Python

    The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...

  • News, May 1, 2026

    Cisco Releases Open Source Tool for AI Model Provenance

    Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...

  • News, Apr 29, 2026

    Hackers Exploit RCE Flaws in Qinglong Task Scheduler for

    Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...

  • Security, Apr 25, 2026

    CVE-2026-41478: Saltcorn SQL Injection Allows Full Database

    A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...

  • Security, Apr 23, 2026

    CVE-2026-33656: EspoCRM Formula Engine Attachment sourceId

    A critical improper access control vulnerability in EspoCRM's built-in formula scripting engine allows authenticated administrators to overwrite the...

  • Security, Apr 23, 2026

    CVE-2026-39987: Marimo Pre-Auth Remote Code Execution

    A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...

  • Security, Apr 23, 2026

    CVE-2026-41167: Jellystat Authenticated SQL Injection in

    A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...

  • Security, Apr 23, 2026

    CVE-2026-41228 — Froxlor Path Traversal via def_language

    A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...

  • Security, Apr 23, 2026

    CVE-2026-41229 — Froxlor PHP Code Injection via MySQL

    A critical PHP code injection vulnerability in Froxlor allows an admin with change_serversettings permission to inject arbitrary PHP code via unescaped...

  • Security, Apr 17, 2026

    CVE-2026-40259 — SiYuan Knowledge Management Authorization

    A high-severity authorization bypass in SiYuan versions 3.6.3 and below allows attackers with RoleReader publish-service tokens to call a privileged...

  • News, Apr 9, 2026

    Microsoft Suspends Dev Accounts for High-Profile Open

    Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...

  • News, Apr 3, 2026

    Chainguard Unveils Factory 2.0 to Automate Hardening the

    The rebuilt Chainguard Factory platform adds deeper security automation designed to continuously reconcile open source artifacts across containers,...

  • News, Mar 31, 2026

    Claude Code Source Code Accidentally Leaked in NPM Package

    Anthropic accidentally published the source code for Claude Code — its normally closed-source AI coding assistant — inside an npm package. The company...

  • Security, Mar 24, 2026

    CVE-2026-33478: AVideo CloneSite Plugin Unauthenticated RCE

    A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...

  • News, Mar 15, 2026

    Betterleaks: New Open-Source Secrets Scanner Built to

    Betterleaks is a new open-source tool that scans directories, files, and git repositories for valid secrets — and validates them against live APIs before...

  • HOWTO, Mar 13, 2026

    How to Deploy Wazuh SIEM/XDR for Unified Security Monitoring

    Step-by-step guide to deploying Wazuh as an open-source SIEM and XDR platform. Covers server installation, agent deployment across Windows and Linux,...

  • News, Feb 23, 2026

    Cline CLI Supply Chain Attack Installs Unauthorized

    A compromised npm publish token was used to inject a malicious postinstall script into Cline CLI version 2.3.0 on February 17, 2026, silently installing...

  • Project, Feb 1, 2026

    Build Your Own SIEM with Open-Source Tools

    Step-by-step project guide for building a functional SIEM using Wazuh, Elastic, and Grafana. Perfect for homelabs and small businesses.

  • News, Jan 18, 2026

    Supply Chain Attack Discovered in Popular NPM Packages

    Security researchers have discovered malicious code injected into several popular NPM packages with millions of weekly downloads. Developers urged to...