ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

The ActiveState catalog grew to 40 million components in mid 2025 when it introduced coverage for Java and R in addition to Python, Perl, Ruby, and Tcl. As of January 2026, the company has expanded ...
InfoWorld

Beyond NPM: What you need to know about JSR

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...
Nature

Open-source AI tool beats giant LLMs in literature reviews — and gets citations right

Researchers have published the recipe for an artificial-intelligence model that reviews the scientific literature better than some major large language models (LLMs) are able to, and gets the ...
Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...
CoinDesk

Bitcoin miners get an open-source alternative as Tether launches MiningOS

Tether has released an open-source operating system for bitcoin mining, pitching it as a way to make running mining infrastructure simpler while reducing reliance on closed, vendor-controlled software ...
Bitcoin Magazine

Tether Launches Open-Source Bitcoin Mining Operating System

Tether has unveiled MiningOS (MOS) as part of a broader push to reduce the industry’s reliance on proprietary, vendor-controlled software. Tether has open-sourced a new operating system for bitcoin ...
decrypt

CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit

Add Decrypt as your preferred source to see more of our stories on Google. CrossCurve said Sunday an attacker exploited a flaw in its bridge contracts and identified 10 Ethereum addresses that ...
Reuters

Open-source AI models vulnerable to criminal misuse, researchers warn

Thousands of servers run open-source LLMs outside major AI platforms security controls, researchers say Researchers identify removed guardrails in hundreds of open-source LLM instances LLMs can be ...
thecyberexpress

Malicious Open Source Software Packages Neared 500,000 in 2025

Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply ...
Infosecurity-magazine.com

Researchers Uncover 454,000+ Malicious Open Source Packages

Security researchers have warned that the open source ecosystem has become a “structural risk,” after revealing another surge in malicious packages last year. Sonatype said in its 2026 State of the ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in ...

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...