Open Source Security
Let’s Coordinate Before We Raise Another Billion Dollars
Alan Shimel | | cybersecurity coordination, cybersecurity funding, frontier AI, Jen Easterly, Open Source Security, open source sustainability, software supply chain, tech governance
The conversation around open source cybersecurity is rapidly shifting from raising awareness to managing an explosion of fragmented solutions. Jen Easterly’s proposal for a billion-dollar public-interest fund highlights the undeniable reality that ...
Security Boulevard
Anthropic’s Mythos Finds 10,000 Security Flaws, Exposes Patching Obstacles
Jeffrey Burt | | AI Security, Anthropic Claude, Anthropic Mythos, frontier AI models, Microsoft, Open Source Security, Oracle, Palo Alto Networks, Project Glasswing, vulnerability patching, WolfSSL
Anthropic says its much-talked-about Mythos Preview model was able to detect more than 10,000 high- and critical-severity flaws for the 50-plus members of the AI vendor's Project Glasswing, and that such capabilities ...
Security Boulevard
Project Glasswing: When AI Becomes the Ultimate Hacker—and Defender
Tom Eston | | AI Hacking, Anthropic, Artificial Intelligence, bug bounty, claude-mythos, Compliance, cyber defense, Cybersecurity, Digital Privacy, Episodes, HIPAA, nation state threats, Offensive Security, Open Source Security, Penetration Testing, Podcast, Privacy, Project Glasswing, Secure Coding, software-vulnerabilities, surveillance, Vulnerability Disclosure, Weekly Edition, zero-day vulnerabilities
Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them—often without human ...
The Arms Race is Already Over. You Just Don’t Know Which Side Won.
Alan LeFort | | AI-Driven Exploitation, Anthropic Claude 4.6, behavioral detection, Cybersecurity Economics, identity-based attacks, Open Source Security, prompt injection, Social Engineering 2.0, Synthetic Actors, Trust Layer Security, Vulnerability Remediation Gap., zero-day vulnerabilities
Anthropic’s Claude 4.6 found 500+ zero-days, but the real story is economic. As AI secures code, attackers are shifting to the "Trust Layer"—AI-driven social engineering and identity deception ...
Security Boulevard
NetRise Launches Provenance to Map Who Is Behind Open Source Components and How Risk Spreads
Techstrong Editorial | | NetRise, Open Source Security, RSAC 2026, SBOM security, software supply chain security
NetRise launched NetRise Provenance on March 24 at RSAC 2026, a new product that adds contributor-level visibility to software supply chain analysis. Where most supply chain tools stop at identifying components and ...
The Hidden Security Risks in Open-Source Dependencies Nobody Talks About
Oluwakorede Akinsete | | Application Security, Dependency Management, DevSecOps, Open Source Security, software supply chain, Vulnerabilities
Open-source dependencies introduce hidden risks, from transitive vulnerabilities to supply chain attacks. Learn how to reduce exposure ...
Security Boulevard
The Evolution of OSS Index in the Age of AI
Mitchell Johnson | | AI, Artificial Intelligence, dependencies, Development, open source, Open Source Security, oss index, Sonatype Guide
In the past 12 months, enterprise software development has changed faster than at any other point in our lifetime ...
The Myth of Linux Invincibility: Why Automated Patch Management is Key to Securing the Open Source Enterprise
Deepak Kumar | | Linux, linux security, Open Source Security, patch management, Vulnerability Management
Users and developers have hailed Linux as the operating system that “just works,” celebrating it for decades as a symbol of open source strength, speed, and security. Linux’s architecture and permissions model ...
Security Boulevard
PhantomRaven: npm Malware Evolves Again
Sonatype Security Research Team | | malicious code npm, Malware, Open Source Security, open-source malware
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025. This week, an open source malware campaign dubbed ‘PhantomRaven’ has run rampant, flooding the npm ...
Ultimate Guide to Open Source Security: Risks, Attacks & Defenses
Explore top risks and proven open source security strategies ...

