Online source code repository SourceForge has apparently started taking over inactive accounts for popular software, and adding bundle-ware installers to the software packages.
GitHub repositories of many entities, projects, and even one government could have been compromised and used to deliver malicious code due to the owners' use of easily crackable SSH keys.
If you're a Windows user and you're connecting securely to remote machines, you've probably heard about WinSCP.
Netflix has open sourced FIDO (Fully Integrated Defense Operation), a system for automatically analyzing security events and responding to security incidents that the company has been successfully using for over 4 years.
A bug in an older version of AFNetworking, an open source library widely used for adding networking capabilities to iOS and OS X apps, can allow attackers to intercept and decrypt HTTPS traffic between apps and servers, effectively revealing all the sensitive information exchanged, such as passwords, bank account information, and so on.