CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Google: Hackers used AI to develop zero-day exploit for web admin tool

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
marktechpost

Meet GitNexus: An Open-Source MCP-Native Knowledge Graph Engine That Gives Claude Code and Cursor Full Codebase Structural Awareness

There is a quiet failure mode that lives at the center of every AI-assisted coding workflow. You ask Claude Code, Cursor, or Windsurf to modify a function. The agent does it confidently, cleanly, and ...
GitHub

AI can write. Trace can read.

Trace is an open-source static analyzer for AI-generated code. It detects the 24 failure patterns that only LLMs produce — hallucinated imports, credentials baked into source, exceptions silently ...
GitHub

A collection of the newest Claude Code open source

The raw leaked TypeScript source of Claude Code, preserved as-is from the original exposure on March 31, 2026. Contains 1,884 TypeScript/TSX files (packaged as src.zip) spanning the full src/ ...
Mashable

Google launches Gemma 4, a new open-source model: How to try it

Google just released its newest AI model Gemma 4, which is now both open and open source. Credit: Thomas Fuller/SOPA Images/LightRocket via Getty Images Google just released the latest version of its ...
SiliconANGLE

Anthropic accidentally exposes Claude Code source code in npm packaging error

Anthropic PBC has accidently exposed the source code for its Claude Code command-line interface tool through a packaging error that led to the inclusion of sensitive ...
Scientific American

Open-source software has an invisible vulnerability. Hackers have found it

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

Running open-source AI locally in VS Code proved possible, but the path was more complicated than the polished model catalogs initially suggested. On a modest company laptop with 12 GB of RAM and no ...
Ars Technica

AI can rewrite open source code—but can it rewrite the license, too?

Computer engineers and programmers have long relied on reverse engineering as a way to copy the functionality of a computer program without copying that program’s copyright-protected code directly.