All CosmicBytez Labs articles tagged #Open Source Security, across news, security advisories, how-to guides, and projects.
The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...
The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...
OpenAI has released GPT-5.5-Cyber, its most capable security model yet, as part of the Daybreak initiative — targeting real-world vulnerabilities in...
GitHub has announced that npm version 12 will disable install scripts by default as a breaking change aimed at combating software supply chain attacks...
A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...
Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...
Security researchers discovered a remote code execution vulnerability in Apache ActiveMQ Classic that went undetected for 13 years, allowing attackers to...
The Axios HTTP client post-mortem reveals North Korean threat actors used a ClickFix-style fake Microsoft Teams error message to socially engineer a...
Chainguard's first-ever State of Trusted Open Source report reveals critical insights into open source consumption patterns across container images,...