Ars Technica

Winamp deletes entire GitHub source code repo after a rocky few weeks

Winamp, through its Belgian owner Llama Group, posted the source for its “Legacy Player Code” on September 24 so that developers could “contribute their expertise, ideas, and passion to help this ...
CSOonline

Open source package entry points could be used for command jacking

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, ...

I've tried nearly every Linux package manager - these remain my favorite

We're now veering into the realm of universal package managers, which are named as such because they work on nearly any Linux ...
Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
Wired

The Tricky Aftermath of Source Code Leaks

The Lapsus$ digital extortion group is the latest to mount a high-profile data-stealing rampage against major tech companies. And among other things, the group is known for grabbing and leaking source ...