This page collects WhisperX intelligence signals tagged #open-source security. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
The AxonOps go-audit library, a security-critical tool designed for regulated environments, currently operates without a formal vulnerability disclosure policy. This significant gap leaves security researchers with no documented, responsible channel to report potential security flaws, creating a blind spot for users wh...
A critical supply-chain attack has compromised the widely used Axios HTTP client library on the NPM registry, with malicious versions deploying a remote access trojan (RAT). This incident represents a direct infiltration of a foundational JavaScript package, posing an immediate and severe risk to countless applications...
AI recruiting startup Mercor has confirmed a security breach after an extortion-focused hacking group claimed responsibility for stealing data from the company's internal systems. The incident is directly tied to the compromise of the open-source LiteLLM project, a widely used library for unifying large language model ...
Security researchers have disclosed a critical remote code execution vulnerability in FreeBSD that remained unpatched for 21 years before disclosure. The flaw, tracked as CVE-2026-42511, affects multiple versions of the open-source operating system and could allow unauthenticated attackers to execute arbitrary code rem...
Microsoft has initiated an investigation into a compromised Python package uploaded to the Python Package Index (PyPI) under the Mistral AI branding. Security researchers have confirmed the malicious package, identified as version 2.4.6, is connected to the broader Mini Shai-Hulud supply chain campaign, highlighting th...