10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since ...
The Manila Times

Sonatype and Package Registry Leaders Unite to Address Open Source Sustainability Crisis

New Linux Foundation initiative convenes registry leaders to develop shared approaches to funding, governance, and long-term ecosystem resilience.

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
ADTmag

JobRunr Introduces ClawRunr Open-Source Agent Runtime in Pure Java

JobRunr Introduces ClawRunr Open-Source Agent Runtime in Pure Java. By ADTMag.com Editors; May 5, 2026; JobRunr, a software company that develops an eponymous, open-source Java li ...

How to Install OpenAI Codex on Windows with Security Measures

Learn how to install OpenAI Codex on Windows, with essential security measures to protect your API keys, system, and ...
InfoQ

AI-First Software Delivery: Balancing Innovation with Proven Practices

Wes Reisz discusses the shift toward AI-first software delivery, emphasizing that agentic workflows are not one-size-fits-all ...
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
MIT Technology Review

The Download: inside the Musk v. Altman trial, and AI for democracy

Plus: The Pentagon has struck sweeping AI deals for classified work. This is today's edition of The Download, our weekday ...
Graham Cluley

Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in ...
Twinfinite

Slime Seas Codes (May 2026)

For players just diving into the world of Slime Seas, the official Slime Seas Trello is the ultimate survival guide. It serves as a comprehensive roadmap for beginners, breaking down the core ...