The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software was not…
The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to handle.
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims.
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proofs of concept while others assert evidence of attacks is lacking.
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
Malicious hackers have been attacking the development environment of an open-source AI framework, twisting its functions into a global cryptojacking bot for profit, according to researchers at…
The model, currently in beta mode, is designed to automatically scan, analyze and patch vulnerabilities in private and open-source code bases.