Ars Technica

Winamp deletes entire GitHub source code repo after a rocky few weeks

Winamp, through its Belgian owner Llama Group, posted the source for its “Legacy Player Code” on September 24 so that developers could “contribute their expertise, ideas, and passion to help this ...
CSOonline

Open source package entry points could be used for command jacking

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, ...
Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...