A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers.
The hole is a critical argument injection vulnerability, discovered by a researcher at Rapid7, that allows any authenticated user to remotely execute code on a Gogs server by creating a pull request with a malicious branch name during a merge operation.
Rapid7 published an analysis of the vulnerability today, after the maintainer of Gogs did not respond to a request for status updates or to an offer to defer disclosure after it first reported the hole over two months ago.
“This is a serious vulnerability in software that isn’t commonly exposed to the public internet,” Ryan Emmons, staff security researcher at Rapid7, said in an email.
“Gogs is typically used in an internal capacity; the most likely threat mode
Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams.
IBM and Red Hat are betting that a new initiative, Project Lightwell, can help accelerate this process.
Announced today, the project will commit $5 billion and 20,000 IBM and Red Hat engineers to build a new ‘enterprise clearinghouse’ to accelerate discovery and remediation of vulnerabilities in open source software. The companies say the clearinghouse will serve as an AI-powered “security coordination layer,” giving enterprises the ability to integrate patches directly into their existing software supply chains.
Now in the design phase with a group of 11 financial partners, Project Lightwell will eventually be offered as a commercial subscription.
“The advancement in AI tools has broken the
Europe's embrace of open-source tech could redefine its competitive edge, fostering transparency and innovation while attracting new investments.
The post Vitalik Buterin advocates for open source as Europe’s tech advantage appeared first on Crypto Briefing.
Aztec Labs has acquired ZKPassport but will keep the privacy-focused passport-scanning app fully open source. The deal preserves the iOS NFC scanner and Noir circuits.…
SAN FRANCISCO, May 27, 2026 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of the DNS-AID project, an open source project […]
The post Linux Foundation Announces DNS-AID Project to Advance Decentralized AI Agent Discovery appeared first on AIwire.
Google has introduced Agent Executor, an open source runtime aimed at helping enterprises run AI agents more reliably at scale, as attention shifts from building agent prototypes to managing the operational challenges of putting them into production.
To address those production-related challenges, the runtime, according to the company, comes with capabilities that are geared towards supporting long-running and distributed agent workflows.
Typically, long-running agent workflows are AI-driven tasks that execute over extended periods, from minutes to days, often involving multiple steps, system interactions, pauses for human input, or recovery from interruptions before reaching completion.
For such workloads, the runtime includes support for durable execution, allowing workflows to resume after outages or human approvals, along with secure sandboxing for isolating agent components, session consistency controls for distributed workflows, and connection recovery features intended to preser