GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
heise online

Vibe Coding endangers the material basis for open-source projects

Given the vibe-coding boom, a study recommends a drastic step: open-source software should only be available for a fee. The ever-increasing use of Vibe Coding endangers the Open-Source Principle (OSS) ...