InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...

Google patches first Chrome zero-day exploited in attacks this year

Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the ...
Decrypt

OpenClaw Creator Gets Big Offers to Acquire AI Sensation—Will It Stay Open Source?

Peter Steinberger's open-source AI agent OpenClaw hit 180,000 GitHub stars and spawned MoltBook chaos. Now Meta and OpenAI want to buy it, but he's determined to keep it free.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
The New York Times

Democrats Reach Spending Deal With Trump, Seeking to Rein In ICE

Democrats and the White House agreed to fund the Department of Homeland Security for two weeks while they negotiate restrictions on an immigration crackdown. Senators said they hoped to vote on the ...
The Hacker News

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of ...
The Hill

GOP senators open to splitting off DHS funding to pass other key spending bills

A group of Republican senators is open to splitting the Homeland Security appropriations measure off from a six-bill government funding package that needs to pass by Friday to avoid a partial ...
thecyberexpress

Malicious Open Source Software Packages Neared 500,000 in 2025

Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
CBS News

Sen. Angus King says he won't vote for package with ICE funding, but "we don't have to have a shutdown"

Washington — Independent Sen. Angus King of Maine said Sunday that he won't vote for a package to fund the government if it includes funding for ICE, as lawmakers scramble to pass a slate of funding ...
The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, ...