The “Mini Shai-Hulud” attack chained a GitHub Actions workflow misconfiguration, cache poisoning, and OIDC token extraction to publish malicious packages through legitimate CI/CD pipelines.
With Altered State arriving June 12 via Season of Mist, Tokyo death metal veterans Defiled are once again pushing the boundaries of extreme music. Rather than following the established rules of death metal, the band’s ninth studio album explores overlooked corners of the genre, blending old-school brutality with progressive rhythms, crossover thrash influences, and unconventional […]
By Nigel Douglas
By now a bunch of people in the OpenSSF community might already be aware of the Malicious Packages repository, but are you using it as part of your day-to-day software supply chain security?
The OpenSSF Malicious Packages repo is the first open source system for collecting and publishing cross-ecosystem reports of malicious packages – such as dependency and manifest…
Swedish modern metal outfit Self Deception are celebrating the release of their new album, One Of Us, out today (15) via Napalm Records, by teaming up with Metal Insider to highlight some of their favorite modern metal acts. Known for blending explosive modern metal, electronic textures, and massive hooks, the band is ready to move […]
New developers require a single, framework-independent resource to establish a baseline in secure coding practices.
Python is one of the most widely adopted programming languages in the world, powering everything from web applications and data pipelines to AI/ML systems and cloud infrastructure.
By Helen Woeste
In 2023, DARPA announced a two-year-long competition called the Artificial Intelligence Cyber Challenge (AIxCC) with the goal of safeguarding open source software used in critical infrastructure throughout America. The intent is to hasten the development of open source AI tooling that can assist developers with finding and fixing bugs…
In the world of open source, trust is our most valuable currency. ONAP is a “collection of individual, semi-standalone network automation functions that provide design, orchestration, observability, and automation of network and edge services for operators, cloud providers, and enterprises” (per ONAP).
This post was contributed by Mordecai Etukudo and Bart Massey of Rust-Edu. As Rust-Edu is a community-led effort committed to supporting Rust education in the academic environment, the Rust Foundation…
By Devashri Datta, Independent Researcher, Software Supply Chain Security
Third-party notices (TPNs) are documents distributed to users that list open source third-party software components included in the product and key licensing information. Every time you buy a TV or router, you’ve probably seen them. Yet TPNs were never designed for the complexity, scale, and velocity of today’s software…
By Jonas Rosland
Security teams in 2026 have no shortage of data, alerts, or findings. In 2025 alone, 48,185 Common Vulnerabilities and Exposures (CVEs) were published, a 20.6% increase over 2024’s already record-breaking total of 39,962. That works out to roughly 130 new vulnerabilities disclosed every single day, and for seven consecutive years, the annual count has hit a new record high.
The…
By Tracy Ragan
Over the past decade, the IT community has made significant progress in improving pre-deployment vulnerability detection. Static analysis, Software Composition Analysis (SCA), container scanning, and dependency analysis are now standard components of modern CI/CD pipelines. These tools help developers identify vulnerable libraries and insecure code before software is…
Via Doloris, the solo-driven project of former Satyricon guitarist Gildas Le Pappe, has unveiled the debut album, Guerre et Paix, this past Friday (20th) via Season of Mist. The record takes a more atmospheric, melodic approach than the standard genre placement, featuring drummer Frost (Satyricon, 1349). To dive deeper into the album’s vision, Metal Insider […]
Vegas heavy outfit Annelida continue their momentum with the release of their new EP, Unencumbered, a strong follow-up to their 2024 record Garage Honey & The Bar Fly Mutiny. To celebrate the release, the group has teamed up with Metal Insider to reveal five heavy bands that helped shape the direction and energy behind their […]
_Cross-post originally published on the Kusari Blog_
Open source software powers the modern world; securing it remains a shared responsibility.
The software supply chain is becoming more complex and more exposed with every release. Modern applications rely on vast ecosystems of open source components, dependencies, and increasingly AI-generated code. While this accelerates innovation, it also…
Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.
Swedish hard rock trio The Gems have unveiled their sophomore album, Year Of The Snake, today (13th) via Napalm Records. To celebrate the release, the band has teamed up with Metal Insider to break down the record with a track-by-track guide. WALLS is about tearing down walls and taking a step into a new […]
Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”
By Eddie Knight, Hannah Braswell, and Jenn Power
Software development has reached a point where traditional Governance, Risk, and Compliance (GRC) can no longer keep up. Compliance activities often exist only as a separate administrative layer, making it difficult for organizations to prove that security measures are in place long after the work is complete.
To tackle this problem head on, the…
UK death metal outfit Unburier released their new EP, As Time Awaits, on February 27, 2026. The band has teamed up with Metal Insider to give a track-by-track breakdown of the release. As Time Awaits marks a new chapter for our band. We have pushed our sound further than ever before while staying true to […]
Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact.
Ukrainian metalcore outfit Space of Variations return with their new album, Poisoned Art, out now via Napalm Records (order here). Blending crushing heavy beats with raw emotional intensity, the band has delivered what is promised to be their most intense work to date. To give a deeper look inside the record, frontman Dmytro Kozhukhar has […]
Portland, Oregon dark rockers Hoaxed have unveiled their sophomore full-length album, Death Knocks, out now via Relapse Records (order here). Marking a new chapter for the band, featuring Kat Keo, Kim Coffel, and new bassist/vocalist April Dimmick, the record arrives after three years of writing, touring, and refining their sound into something darker. To celebrate […]
Italian blackened post-punk outfit Ponte Del Diavolo continue to evolve their dark, ritualistic sound with the arrival of their sophomore album, De Venom Natura. Emerging from Turin’s underground, the band has crafted a unique identity defined by their dual-bass attack, drawing on influences from doom, black metal, and post-punk. Now that the new record explores […]
OpenSSF’s new Compiler Annotations for C and C++ guide helps developers use compiler-specific annotations to communicate code intent to the compiler, improve diagnostics, improve optimizations, and provide stronger security and correctness guarantees.