TeamPCP Trivy Compromise: European Commission AWS Breach Confirmed. CERT-EU confirms EC cloud breach via Trivy scanner. OpenClaw: 250K stars, 135K exposed. Sonatype: 454K malicious packages. 65% of CVEs have no severity score.
The Field Is Optional. The Death Threats Were Not. Fraudulent takeout orders. Mormon missionaries at the door. A Social Security number posted on an imageboard.
North Korea Hit Axios npm While TeamPCP Burned 1,000 Environments. North Korea's UNC1069 hit Axios npm (183M downloads) while TeamPCP compromised 1,000+ SaaS environments and Lapsus$ claimed 4TB from Mercor AI.
12.5 Million Downloads a Month. She's Never Seen Her Code on a Screen. A visually impaired developer in Copenhagen maintains pypandoc, a top 1% Python package with 12.5M monthly downloads used by Adobe, Google, and Microsoft.
95 Million Downloads. Poisoned by Its Own Security Scanner. You never installed LiteLLM. CrewAI did. For 5 hours on March 24, every Python process on your machine was stealing your AWS keys, SSH credentials, and Kubernetes tokens.
Open Source & Linux Weekly - W13_2026. X11 died without a funeral. Canonical bets on post-quantum crypto and Rust. TeamPCP hacks four supply chain targets in ten days. Weekly OSS & Linux roundup.
Mozilla. WordPress. Now Manjaro. Open Source Keeps Dying the Same Way. He fired the only person watching the money. Made himself treasurer. 2 years later, his own 50/50 business partner signed a public manifesto against him.
Every Line Looked Clean. The Malware Was Hiding in Characters No Editor on Earth Can Render. You could stare at the infected file for hours and see nothing. The attack hit 200 Python repos, 151 JS/TS repos, 72 VS Code extensions, and 10 npm packages. A researcher traced 50 blockchain transactions spanning three months. Nobody noticed.
A Child Safety Nonprofit Filed Taxes as a Lemonade Stand. Then It Wrote Laws in 20 States. 86 lobbyists. 45 states. $2B in nonprofit grants. One company in the USA. A GitHub researcher pulled IRS filings, WHOIS records, and Senate disclosures.
27 Years, 50 Releases, 1 Breakup: How GNOME 50 Just Changed the Way Your Desktop Works. GNOME and X11 were together for 27 years and 50 releases. GNOME 50 Tokyo ended the relationship. Ubuntu and Fedora ship it next month. Here is who gets hurt.