A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Benzinga.com

China's DeepSeek To Open-Source Key Code Repositories In A Bid For Full Transparency

AI startup DeepSeek announced plans to open-source five of its code repositories, a move aimed at fostering transparency and community-driven innovation. A code repository is a centralized storage ...
Guru3D.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments. According to published ...
TechCrunch

DeepSeek to open source parts of online services code

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week. DeepSeek will open source five code repositories that have been ...