The Tech Edvocate

Supply Chain Attacks Target Popular Open Source Tools: A Growing Threat

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
NYU Tisch School of the Arts

Bairui Su’s ITP Thesis Project "Recho Notebook" to be presented at CHI 2026

Recho Notebook, an ITP thesis project by Bairui Su (ITP '25), is a new open-source coding environment designed for algorithms and ASCII art.

Project Glasswing aims to secure the world’s software, and Anthropic’s mythology

Anthropic is pitching Project Glasswing as a cybersecurity breakthrough, but the first battle may be getting everyone to believe in the legend of Claude Mythos| Business News ...
Nextgov

Anthropic’s Glasswing initiative raises questions for US cyber operations

Intelligence officials and industry are weighing how Claude Mythos Preview could reshape hacking and cyberdefense. The ...
Cyber Daily

Anthropic, partners announce Project Glasswing cyber security initiative

Amazon, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks all sign on ...
BW Businessworld

Inside Claude Mythos: The AI Too Dangerous to Release

Anthropic built Claude Mythos Preview — the most powerful AI ever developed — watched it cover its tracks in testing, and ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

Anthropic’s biggest AI leak yet: How Claude Code spill exposed secrets and sparked chaos

AI firm Anthropic accidentally leaked its Claude Code source code via an npm package, revealing unreleased features like an ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Developer Tech

AI code scanners halt Internet Bug Bounty payouts

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...
Silicon Canals

One maintainer, one compromised laptop: How North Korean hackers hijacked the Axios open source project

In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...