Open Source

This tag covers the security and sustainability of the open-source software (OSS) ecosystem. It tracks the vulnerabilities, maintenance challenges, and supply-chain risks inherent in the code that powers the modern world. From core library audits to the "long-tail" risks of legacy code in community-maintained projects, this category focuses on the transparency and collective defense of open software.

Minimalist vector of a white Python-style symbol on a slate background, broken by a red chain link with cyan and white data pixels falling, symbolizing a breach.

Cyber Attacks

PyPI Package with 1.1M Monthly Downloads Hacked to Push Infostealer

A popular PyPI-hosted Python package, which pulls over 1.1 million downloads per month, has been hijacked by attackers who pushed a malicious update that silently installs the Windows-based W4SP infostealer on developer workstations. The malware harvests credentials, browser cookies, and Discord tokens, marking one of the largest supply chain

Minimalist white art on crimson showing a ladder with a dot at the base ascending into a solid circle, representing local privilege escalation from user to root.

Vulnerabilities

Pack2TheRoot (CVE-2026-41651): Cross-Distro Linux LPE in PackageKit

A 12-year-old TOCTOU bug in the Linux PackageKit daemon, now dubbed Pack2TheRoot (CVE-2026-41651), allows local users to silently install system packages and escalate to full root on many default-install Linux desktops and servers. BONN, GERMANY — Security researchers from Deutsche Telekom’s Red Team have disclosed a high-severity local privilege escalation