Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
9 articles

#Open Source Security

All CosmicBytez Labs articles tagged #Open Source Security, across news, security advisories, how-to guides, and projects.

  • NewsJul 11, 2026

    Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

    The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...

  • NewsJun 26, 2026

    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...

  • NewsJun 23, 2026

    OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

    OpenAI has released GPT-5.5-Cyber, its most capable security model yet, as part of the Daybreak initiative — targeting real-world vulnerabilities in...

  • NewsJun 11, 2026

    GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

    GitHub has announced that npm version 12 will disable install scripts by default as a breaking change aimed at combating software supply chain attacks...

  • NewsMay 1, 2026

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...

  • NewsApr 30, 2026

    PyTorch Lightning and Intercom-client Hit in Supply Chain

    Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...

  • NewsApr 8, 2026

    13-Year-Old Bug in ActiveMQ Lets Hackers Remotely Execute

    Security researchers discovered a remote code execution vulnerability in Apache ActiveMQ Classic that went undetected for 13 years, allowing attackers to...

  • NewsApr 4, 2026

    Axios npm Hack Used Fake Teams Error Fix to Hijack

    The Axios HTTP client post-mortem reveals North Korean threat actors used a ClickFix-style fake Microsoft Teams error message to socially engineer a...

  • NewsApr 2, 2026

    The State of Trusted Open Source Report: Key Findings for 2025

    Chainguard's first-ever State of Trusted Open Source report reveals critical insights into open source consumption patterns across container images,...