A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from open-source components with minimal human oversight, is creating hidden costs for the projects it depends on.

While Cisco breaches often center around hardware and legacy vulnerabilities, a 2024 attack saw an actor download certain files from a developer-facing environment belonging to Cisco. Source code, API tokens, certificates, and internal documents were swiped in the breach, affecting a limited set of CX Professional Services.

The open source software that the vast majority of organizations include in their critical applications is vulnerable to exploitation from threat actors taking part in its creation. That's the message from security professionals who point to the nature of ...