Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...]
An epidemic of cyberattacks on open-source software has mounted in recent months, making clear how uniquely difficult it is to protect the publicly available code, from both a policy and a technical perspective, that serves as the foundation for so much of the digital world.
While open-source software security got a boost in attention under President Joe Biden — whose administration grappled with the fallout from the potentially catastrophic Log4j flaw that emerged in 2021 — a number of open-source experts say that government protection efforts have suffered setbacks under President Donald Trump. Many also say companies that heavily rely on open-source software, which is basically all of them, haven’t shouldered enough of the responsibility for safeguarding it.
“What we’re seeing is years of lack of investment sustainment in open-source software that is finally starting to catch up to us, where it seems like every week there’s a new supply chain compromise,” said Jack Cable, who held a role at the Cybersecurity and Infrastructure Security Agency where he worked on open-source security before departing under Trump.
The advancements of frontier artificial intelligence models stand to exacerbate the risk further, while simultaneously illustrating what makes defending open source difficult: Project Glasswing said shortly after its announcement that it had uncovered 6,202 high- or critical-severity vulnerabilities in a scan of more than 1,000 open-source projects, but that it had disclosed only 502 of them to open-source project maintainers and only 75 had been patched as of May 22 (albeit some due to typical patching lagtimes).
At the same time, there are questions about how much the government can help, even as overseas governments seek to focus on open-source security.
The evolution of open-source risk
There are a series of factors contributing to the current threat to open-source software, experts say.
One is simply that attackers go to the area where they can get the highest return on their work. Compromising open-source software gives them the chance to get into the supply chain and exploit additional targets.
“Twenty years ago, open source was still fairly niche,” said Æva Black, who also worked on open-source security at CISA but left when Trump came back into power. “The potential blast radius if you managed to compromise open source was relatively small, because back then the world didn’t run on open source. Now almost everything runs on open source,” she said, from modern cars to satellites.
Another part is the nature of open-source software itself.
“It’s a symptom [of having] lots of open source [that] is a little bit under-maintained or not cared for enough, so that we spend too little effort and money and infrastructure on them,” said Daniel Stenberg, who is the creator and maintainer of cURL, a popular open-source project. “Lots of open source is being maintained by small teams, lots of volunteers, and I think that that’s a tough situation.”
That doesn’t mean the maintainers are to blame, Stenberg said. The companies that rely on open-source need to be diligent about using it, Black said.
“What we’re seeing in that realm right now is not new; it is more advanced and far more widespread,” she said. “The problem remains that companies who use open source — because open source is by far the most efficient way to collaborate on non-product value features — most companies are not implementing a responsible and safe utilization pathway.”
Open-source projects lack a systematic way to handle coordinated vulnerability disclosures, unlike companies or industry groups with formal processes, said Dan Lorenc, CEO and co-founder of Chainguard. Project maintainers sometimes aren’t reachable, and those who are available are flooded with reports, many of them unverified findings from AI tools that waste their time without adding value..
Of course, some of those vulnerability reports turn out to be legitimate. “Mythos and AI models have contributed to an uptick in the number of vulnerabilities and things that we’re able to find” in open-source software, said Alex Zenla, chief technology officer for the cybersecurity company Edera.
All of that leaves more room for companies, non-profits and world governments to improve open-source security.
A moment of momentum
While open-source software security isn’t a new issue, the 2021 discovery of the Log4j flaw sounded alarms within the cybersecurity community. Jen Easterly, then the director of CISA, called it “one of the most serious I’ve seen in my entire career, if not the most serious,” with the potential to affect hundreds of millions of devices given the ubiquitous nature of the popular open-source logging library.
A year later, the Cyber Safety Review Board released its report on the incident, concluding that swift action from industry and government averted a disaster. But the incident “called attention to security risks unique to the thinly-resourced, volunteer-based open source community,” it wrote. “This community is not adequately resourced to ensure that code is developed pursuant to industry-recognized secure coding practices and audited by experts.”
The U.S. government actions after included some steps focused specifically on open-source software such as creation of the Open-Source Software Security Initiative and hires of well-regarded open-source security experts at CISA such as Black, but also some steps that could be applied more generally and still help with open-source security, such as greater promotion of secure-by-design, memory-safe languages and software bills of materials (SBOMs).
Some of the Biden administration work on open-source security started before Log4j, such as provisions from an executive order he issued in 2021 that directed CISA along with the Office of Management and Budget and General Services Administration to issue guidance to agencies.
The administration’s 2023 cybersecurity strategy also stepped into the long, thorny discussions over software liability, with a mention of open-source security: “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.“ The Biden administration always indicated that addressing software liability would take a prolonged battle ahead.
Under Trump, many of the Biden administration’s efforts have languished. CISA’s splashy hires on open-source are gone, including Black, Tim Pepper and Anjana Rajan. Also departed are leading figures on secure-by-design and SBOMs, with CISA personnel cutbacks slicing deep.
No one has seen any sign that the national cyber director-led Open-Source Software Security Initiative is active, with few participants remaining in government today. The Trump administration cyber strategy doesn’t mention open-source.
“The loss of open-source experts at CISA “is unfortunate, and it will be hard for the government to try to rebuild capacity, but I do think now more than ever CISA has a core role to play to secure open source software,” Cable said.
The pressure is mounting
It’s not that the issue is getting zero attention from those in a position to make a difference. Nick Andersen, the acting director of CISA, said last month that open-source security was an area of particular concern for him.
Andersen responded to concerns about CISA staffing levels on open-source security and spoke more broadly on the topic in a statement to CyberScoop.
“As artificial intelligence and other technologies have the power to transform how vulnerabilities are discovered and exploited, CISA recognizes that the open source software (OSS) that underpins much of the nation’s critical infrastructure will need to be hardened,” he said. “CISA actively collaborates with our partners on shared priorities, including OSS security, to ensure time and resources are spent where they matter the most. We have an immensely talented team, but are also accelerating our hiring in critical areas, to strengthen the nation’s defenses against cyber threats.”
The Office of the National Cyber Director did not respond to requests for comment.
There’s been some activity on Capitol Hill, too. The Securing Open Source Software Act, which Cable worked on during a stint as a Senate staffer, would direct CISA and other agencies to take actions to mitigate open-source software security risks, but the legislation has stalled since its introduction in 2022. A portion of the bill, however, was included in the Department of Homeland Security funding law Trump signed in April, directing CISA to brief Congress on the value of establishing something like an open source program office, which some companies use to manage open source within a given firm.
Senate Intelligence Committee Chairman Tom Cotton, R-Ark., has pushed the executive branch to improve its awareness of foreign adversaries playing roles in open-source software used by national security-focused agencies.
The annual defense policy bill in the House calls on the Defense Department’s chief information officer to report to Congress on a plan to secure open-source software supply chains, saying lawmakers are “concerned that the Department lacks sufficient visibility into the origins, maintenance, and security of OSS applications and software dependencies.”
That defense authorization bill language is “really beneficial, and I think it signals acknowledgement of this changing of culture” around open-source security risks, said Hayden Smith, founder of HuntedLabs, whose company won a contract with the Space Development Agency on supply chain security — agency work that the defense bill singled out.
“The report language is the first time the Hill is trying to get a true handle on foreign influence in open source code where they have oversight,” he said, saying it was a “piece of the puzzle” along with Cotton’s letter and a memo from Secretary of Defense Pete Hegseth last year about foreign influence in the Pentagon supply chain. “It’s good and would trickle down into everyone who provides software to the department.”
Zenla, though, believes trying to isolate China from open-source systems isn’t in and of itself a good idea.
“I don’t think that that makes a lot of sense, because they’re actually pretty good things that people contribute to open source,” she said. “Not everyone is malicious, and what are we going to do, spy on every single open source maintainer?” It’s more about doing things like making sure that highly-classified systems are set up in a separate way, she said.
Europe is also taking action to secure open-source software that the United States doesn’t seem ready or willing to do right now. Germany, for instance, devotes grants to the security of open-source projects, although Stenberg pointed out that sometimes money doesn’t equate to maintainers being able to fix flaws more quickly, depending on the project’s size.
The Cyber Resilience Act (CRA) adopted by the Council of the European Union in 2024 could offer another road on open-source security. The CRA requires those who use open-source software products as part of any commercial activity to take certain security measures.
Black said that when she was at CISA, there were discussions between the agency and European counterparts about finding compatible ideas on open-source security, but that momentum died with the Trump administration.
But “Europe kept rolling, and now has in place a new legal framework that is set to really reshape open-source security for potentially the whole world, but certainly for anyone who wants to work with Europe on open source,” she said.
Lorenc recently wrote that “open source isn’t governable.” He said an organization like a neutral nonprofit, possibly using some government funding, should take responsibility for things like coordinating vulnerability disclosure into one pipeline. He also said there needs to be one authority in charge of “forking” — that is, taking a project and assigning stewardship elsewhere — when a maintainer isn’t responsive to vulnerabilities.
There are differing opinions on how much past government warnings, advisories and guidance have helped. Smith gave some credit to government agencies that “have all responded to open source attacks using the means they have.”
Stenberg said that “I don’t think they make any big dent at all in the big scheme of things.” They might get some attention initially, “then two years later we all forgot about them, and they actually didn’t change much.”
Ideally, everyone could get on the same page, Zenla said. “The best way to do this is if people actually collaborated on a global scale on some sort of regulation around this, but that seems nearly impossible at the current moment,” she said. (The United Nations’ Open Source Week runs all this week.)
But if there’s an upside to the spate of attacks on open-source software, it’s the energy it gives to how better to secure it, Lorenc said, invoking the political saying to never let a good crisis go to waste.
“Everyone knows the industry has to change,” he said. “This is a really good crisis, and the right things are happening in the right places, and organizations are rethinking their culture around software development, and they know what they have to do. It’s just something that’s never been top of the priority list for the last 10 years. Now it is, and they’re doing it, and it’s, ‘Can we do it fast enough?’”
Five years ago today we were told that Windows 11 was inbound as a free upgrade for all Windows 10 users — but there was no stampede to adopt it, that's for sure (and the hardware requirements certainly didn't help the cause).
It wasn't until July 2025 that Windows 11 overtook Windows 10 as the dominant version of Microsoft's desktop OS according to Statcounter's figures, but it now holds a comfortable majority of over 70% of that market. As it should do, considering Windows 10 ran out of support last October (and only has a few months of extended support left).
However, putting aside the sluggish pace of adoption and the various problems that have plagued Windows 11 through the years (all the bugs and some notably missing features in the main), I think there's now cause for optimism for the future of Microsoft's operating system.
So, let me share my thoughts and reflect on what has been a half-decade of Windows 11, and tell you why I'm way more positive about the OS than I was last year — and why I think that Microsoft is finally on track (with, of course, some inevitable caveats).
The great fix-athon
(Image credit: Alex Photo Stock / Shutterstock)
Most of my hopefulness about where Windows 11 is heading comes, of course, from the big campaign Microsoft kicked off in March 2026 to fix Windows 11. Since that announcement — which I would say is the biggest statement to have been made since the OS was first announced in 2021 — Microsoft has very much proven that it intends to tackle all sorts of shortcomings and pain points with the OS.
In fact, Microsoft has hit many wish-list features that I never expected would come to Windows 11, and the extent of the crowd-pleasing measures so far is heartening. These are features that are actually being delivered already, too, they're not just promises.
Furthermore, Microsoft appears to be listening to feedback and requests more closely, and generally engaging more with the community online. There's even a new initiative consisting of a research panel where Microsoft will consult testers directly on how to change aspects of Windows 11.
This genuinely feels like a fresh direction for Microsoft, and a serious commitment to change Windows 11 for the better based on what the users themselves actually want.
A more thoughtful, cautious approach
(Image credit: Shutterstock)
The other key driver for optimism with Windows 11 is the way in which Microsoft is taking more care over how the operating system is developed and coded.
Not so long ago, matters were less organized and more chaotic. Cast your mind back to the introduction of Qualcomm's Snapdragon X (Arm-based) chips in Copilot+ PCs back in 2024, alongside which Microsoft brought in a new underlying platform for Windows 11 (complete with the tinkering required to support that Arm silicon). While nothing was ever officially admitted, this is a move that I believe could have at least contributed to the mess that was the 24H2 update, which was laden with a ton of (sometimes very annoying) bugs.
Whatever the case in terms of how those glitches came to be, things have changed a lot since then. Microsoft is now being a lot more cautious with its Arm and x86 strategy — Windows 11 is split into two development paths, with the 26H1 update for Arm devices, and the 26H2 update for traditional x86 PCs — and the company has switched to use a fresh approach for these annual updates.
Instead of big annual updates — the last of which was the problematic 24H2 — Microsoft is now deploying small 'enablement packages', essentially very minor bumps to a new version of Windows 11. The actual features, the meat of Windows 11 changes, are pushed out in monthly updates as and when they're ready — in sometimes quite tightly controlled, carefully paced rollouts. This more gradual drip-feed of features is a more reliable method of deployment compared to dropping a lot of stuff all at once.
In short, Microsoft has learned its lesson from the nightmarish 24H2 release, which suffered from far too many bugs, to take on a fresh new way of operating. True, there will still need to be big updates at times, when the underlying codebase of Windows 11 has to be changed (quite possibly with 27H2). But it looks like Microsoft wants to mainly stick to compact, easily applied annual updates in the main, with features pushed out elsewhere in general.
Optimism abounds — with a notable catch
(Image credit: MAYA LAB / Shutterstock)
Between the ardent push to fix Windows 11 and the better thought-out deployment of features and updates, Microsoft has come a long way, but as I mentioned before, there are caveats here.
It's worth mentioning that while the new system of continual feature deployments, rather than weighty annual feature drops, is commendable (in my opinion), the controlled rollouts of these various features have come in for some criticism. Mainly because they are so cautious in some cases that something like the Start menu revamp (the one from last year, I should clarify, not the current work) took ages for some Windows 11 users to get, and those folks found that rather frustrating.
Part of that caution is likely down to Microsoft's paranoia around bugs, and sadly, the truth is that there are still too many bugs in Windows 11, and some of them are disappointingly weird. And by disappointing, I mean odd things that just shouldn't be happening.
I only need glance back to last weekend for one such example where there was a glitch with the Recycle Bin whereby the delete confirmation dialog (when junking a file from the bin) showed the internal file name instead of the proper name. While this only applied to the dialog box — so it was hardly an important or dangerous glitch — it was confusing some people, and more to the point, this sort of thing shouldn't be happening in the release version of an operating system.
One thing I've called for in the past is a commitment from Microsoft to confirm that it's addressing its quality assurance processes, and improving bug squashing, and this is a notably missing part of the fix Windows 11 campaign. A vital part, in fact, I'd argue, for better stability going forward which is one of the big overarching goals (alongside better performance, and those crowd-pleasing feature additions).
Still, all in all, I've got to underline that right now, I'm as optimistic about Windows 11 as I've ever been. If Microsoft can tackle the bug blot on the OS landscape, and keep on listening to users — and its new research panel of testers from the community — Windows 11 could be in great shape come next year.
In 2026 it can feel a little like VR’s moment has passed.
Meta’s layoffs to kick off the year felt like a major downer for the industry at large — especially as it has been the champion of this space for years now — and it certainly seems that smart glasses like the Meta Ray-Bans but also Snap Specs, Android XR glasses, and more that have debuted this year are stealing the XR spotlight.
But VR is far from dead. Sure it might not be seeing the growth it once saw but sa a gaming and entertainment machine that tech is only getting better each day.
Plus with some Meta Quest 3S deals at Amazon Prime Day you can save big on the best affordable VR hardware out there.
The Meta Quest 3S is an incredible, cheap VR headset, but let's just ignore the fact that this deal just undoes the recent price hikes caused by the RAM crisis.View Deal
If you want a VR headset and are on a budget you can't do better than the Meta Quest 3S. Is this Prime Day deal really a deal? Not really, but that doesn't stop the headset being incredible value for money.View Deal
This headset is technically as capable as a Meta Quest 3, meaning the 3S can handle whatever software the Quest ecosystem might want to throw at it — and that’s a broad list.
There’s plenty of VR games to jump into including Marvel’s Deadpool, Batman:Arkham Shadow, Walkabout Minigolf, and Beat Saber to name just a few. Plus there are fitness apps — which when combined with a silicone facial interface turn your headset into an actually enjoyable home gym — and a growing collection of streaming services which turn your headset into a private home theatre, you can even kick back in bed and enjoy watching the screen as if it were affixed to your ceiling.
With game console price hikes making gaming pricier than ever, it’s worth noting your headset can double as an Xbox too — again complete with a giant display. You’ll just need a Game Pass subscription and Xbox controller.
In the US a bonus Quest deal will get you a free month of Xbox Game Pass, while the UK version nets you 20%-off code for an Xbox controller and one month of Game Pass Ultimate after the purchase of a 3S headset.
Price up, prices down
(Image credit: Meta)
The slight elephant in the room we should address with these Prime Day ‘deals’ is they unfortunately aren’t really deals in the truest sense.
Thanks to the RAM crisis the Meta Quest 3 series headsets saw a price hike. The 128GB model Meta Quest 3S went up to $349.99 / £319.99 / AU$569, while the price of the 256GB edition rose to $449.99 / £409.99 / AU$729. The 512GB Meta Quest 3now sets you back $599.99 / £549.99 / AU$969.
These Prime Day deals generally just revert the headset to its pre-hike price. You’ll see a roughly $53 saving, but in actuality it’s closer to $3.
That said, as some pointed out even after the hike, the Quest 3S represents incredible value for money. So sure this discount isn’t as great as it was a year ago before the base cost rose, but the Quest 3S at its original asking price is one of the best deals in tech, so definitely consider grabbing one while the discount is around.
With the RAM crisis and shipping troubles looking set to persist I wouldn’t be surprised if prices rise further, and Black Friday deals might struggle to match even those we have today. Not just for the Meta Quest 3S, but any gadget.
The RayNeo Air 4 Pro smart glasses are easily the best budget smart specs you can buy if you’re after the ultimate portable entertainment gadget.
High-tech specs are all the rage, but there are different types in this broad category. You have the Ray-Ban Meta glasses, which offer audio-only AI assistance, the Snap Specs, which deliver AI and full-on AR, and then something like the RayNeo glasses, which act like your own private movie theatre.
You connect them to a compatible USB-C device, and your screen will be projected in front of you on a virtual 200-inch screen that only you can see.
This setup is perfect in so many scenarios. When I’m taking a flight I can watch Netflix on a giant display that’s better than any in-flight entertainment screen, I can lay back in bed with my Asus Rog Xbox Ally X display virtually projected onto my ceiling, and when I’m working on a story about an unannounced gadget I can rely on the specs to keep that info private with a display no one else can read.
If you don’t yet own a pair of smart glasses like this, you absolutely should. They’re a must-buy ahead of this year’s Summer travel season, and thanks to Amazon Prime Day there’s never been a better time to grab a pair.
Today's best RayNeo Air 4 Pro deals
Did I mention that the specs are only $295? For Prime Day, the standard edition specs are $239.20, saving you 20% at Amazon. That’s the best price these smart glasses have ever been, and the best bang for your buck a pair of smart specs has ever been. Meanwhile, in the UK, the RayNeo Air 4 Pro glasses will set you back just £248.99 at Amazon, a 34% drop from their usual £379 — again thanks to some Prime Day magic.
I never travel without my phone, passport or a pair of smart glasses like these because they're so excellent at keeping me entertained on long flights (provided my phone doesn't run out of battery first).View Deal
The RayNeo Air 4 Pro glasses were already incredible value for money, but they just got even better with a discount for Prime Day that knocks over a third off.View Deal
When tech prices have been on a sharp increase, it’s a breath of fresh air to see something as genuinely excellent as the RayNeo Air 4 Pros not only launch at a budget-friendly price, but then fall during Prime Day sales.
While the RayNeo Air 4 Pro glasses aren’t as unique as this category once was — I mean, we’re four generations in on just this product alone, plus all of its rivals from other brands — the tech stands alone because it’s so budget-friendly and yet incredibly capable.
The micro-OLED displays boast HDR10 support — and they were the first smart glasses of this type to do so. This means they boast an incredible range of color hues, with professional accuracy that will make your HDR10-supported content pop. Plus, as you expect from OLED screens, the contrast is solid, especially if you use a lens cover to block out external light.
As for audio, while headphones are a solid option if you want to keep what you’re listening to more private, RayNeo’s specs boast spatial audio tuned by experts Bang & Olufsen. They sound great, and a major step up from the earliest generations of smart specs, which were effectively unusable sonically unless you had a pair of Bluetooth cans.
Cloudflare on Monday said that it has joined with the three leading commercial browser makers to create a privacy-preserving protocol that websites can use to separate desirable web traffic from undesirable network requests. Cloudflare, along with Google Chrome, Microsoft Edge, and Mozilla Firefox, have committed to develop Private Access Control Tokens (PACTs), a way for websites to generate a digital token that asserts a given browsing session is being run by a human or bot with legitimate intent, as opposed to network requests from people or software deemed abusive or improper. PACTs will let websites "with strong knowledge of 'personhood'" issue anonymous tokens that browser users and designated bots can present at other websites, so that fewer identity checks are necessary. Think of PACTs as a shareable, privacy-preserving CAPTCHA test result, where the desirability of the web traffic is being tested rather than whether the visitor is a human or bot – an increasingly difficult distinction. While the technical details are still being hammered out and harmonized between related proposals, it isn't immediately clear what constitutes "strong knowledge of 'personhood'" in this context, particularly since "personhood" appears to extend to software that has been authorized to act on behalf of a legitimate person for an authorized purpose. It may be that the test criteria puts certain browsers, behaviors, or network signals at greater risk of being denied the dispensation of a PACT, though past technical discussion by developers from Google and Mozilla suggests that excluding certain hardware, platforms, or user-agents is not a goal. Dane Knecht, CTO of Cloudflare, argues that the way people interact with the web is changing and increasingly may involve autonomous agents. "As AI-powered traffic becomes widespread, existing tools to support its use are too generic and coarse," said Knecht in a statement. "Now this collaboration lets us eliminate the friction caused by security protocols for every visitor – whether they are human or agent – without sacrificing privacy." The claim "without sacrificing privacy" is a bit of an overstatement. PACT tokens, it appears, will not contain personal details. But they won't do anything to repair all the other ways browsers can facilitate digital fingerprinting and tracking. And if implemented poorly, they may introduce novel risks. Fundamentally, they divide the internet traffic into welcome and unwelcome traffic – something already widely done through firewalls and other technical measures but not easily reconciled with the notionally open web. "Mozilla is committed to defending openness and user privacy on the web," said Bobby Holley, CTO for Firefox at Mozilla, in a statement. "An avalanche of automated traffic is pushing sites to adopt blunt defenses – paywalls, identity checks, CAPTCHAs, and invasive tracking – simply to tell whether a request comes from a human." While Cloudflare touts the privacy benefits of PACTs, it's clear from the company's announcement that the technology is designed to "empower businesses to identify genuine visitors, ensuring they can focus their resources on the traffic that matters to them." Essentially, this is an anti-fraud initiative. Many website operators have complained about the burden of handling unwanted network traffic from disrespectful crawlers. PACTs may be the answer to their prayers. At the same time, they may also become an access barrier that demands negotiation with site publishers to have one's site visits or software deemed worthy of "personhood." ®
TeamPCP is on a rampage through open-source software.
In less than four months, the threat actor has compromised and injected malicious code into more than 1,000 software packages. The extraordinary spree has transformed how software developers and maintainers distribute and manage their code, as their dependencies and repositories have become one of the most effective and prevalent attack vectors this year.
While there has been a host of technical exploits, TeamPCP’s greatest attack has been the uprooting of trust — repeatedly proving that most organizations fail to verify the code they ingest into their systems is legitimate, abusing a nearly blind faith that much of the software development industry relies on to power today’s modern economy.
Starting with Trivy in February, TeamPCP’s attacks have shaken that trust many times over.
The scale of TeamPCP’s attacks lies partly in the automated systems companies use to deploy code, like CI/CD pipelines. It is also capitalizing on new security gaps created by developers’ increasing reliance on AI. Yet, with relatively low effort and unoriginal tactics, TeamPCP is wrecking open-source frameworks and underlying systems at levels the technology community has rarely reckoned with.
“Developers didn’t do a great job of analyzing the security of their open-source dependencies before but, now with AI, there’s in some cases virtually no human in the loop or any kind of sanity check on what these tools are doing,” Feross Aboukhadijeh, founder and CEO at Socket, told CyberScoop.
“You have agents installing packages that haven’t been vetted,” he said. “When an attacker gets in, the impact is even broader because there’s less checks and balances to stop it from affecting everybody.”
TeamPCP hasn’t identified a new problem or proved anything novel. The crux of these attacks hinge on a central theme — defensive vulnerabilities the entire software industry has known about for years. Researchers and developers know the open source trust model is broken and susceptible to sabotage. Yet, the software industry has not fixed this problem.
“The speed and scale of these attacks is what makes it most notable, not necessarily the methodology behind it, because at the core it is really about exploiting third-party trusts that we have,” said Kimberly Goody, senior manager at Google Threat Intelligence Group.
Software packages are typically subjected to intensive security monitoring to test for vulnerabilities and poisoned updates before they are released to live environments.
Yet, the real vulnerability highlighted by TeamPCP lies further up the chain of command with the organizations or individuals that publish these packages to the wider market, according to Nathaniel Quist, manager of cloud threat intelligence at Palo Alto Networks.
“It is their responsibility to secure their credentials and not provide a jump off point to trigger a supply-chain event,” he said. “Everything that interacts with or crosses through that zone must be highly monitored and controlled to ensure a compromise can be contained quickly and easily.”
TeamPCP’s motivation
TeamPCP, like any prolific cybercriminal, has captured significant attention from threat hunters since it emerged in late 2025. Google attributes the activity to one core operator.
The company said it traced TeamPCP’s residential and mobile IP address connections to South Africa, indicating the primary operator was located there during at least some of its attacks.
“We don’t believe that there’s an established core group, at least not yet, and that a lot of this has been conducted by an individual,” Goody said. Google declined to name the core operator or confirm it knows the person’s true identity.
Palo Alto Networks said the core manager of TeamPCP uses the “ResoluteXBF” handle on multiple platforms. The cybersecurity firm is also tracking two additional core members: “diencracked” and “Shinigami.”
If TeamPCP is primarily run by one person, law enforcement has a rare opportunity to make a lasting impact with a single arrest.
TeamPCP has collaborated with other cybercriminals, but most of those partnerships were short-lived and ended in a public feud or otherwise failed to get off the ground in any meaningful way, Goody said.
Researchers have linked TeamPCP to extortion crews, dark web forums and affiliates including Lapsus$, ShinyHunters, Vect, DragonForce, BreachForums and “HasanBroker.” TeamPCP listed about 4,000 private code repositories on a dark web forum with an asking price of $95,000.
The actions to date, including unpredictable behavior, indicate motivations beyond financial gain and a “clear desire for notoriety,” Goody said. “They seem to like to make chaos.”
Quist draws the same conclusion from his months-long investigation, noting that it encourages other cybercriminals to get in on the action, at one point offering financial rewards for the largest software supply-chain attack.
TeamPCP isn’t in the game for extortion payments, he said. “These actors are more interested in the underground street cred they are gaining” and “causing as much damage and mayhem as possible.”
Victims abound, but exposure limited
TeamPCP has been remarkably noisy, opportunistically injecting malware into open-source software for the purpose of stealing credentials for Kubernetes environments, Amazon Web Services, Microsoft Azure, Google Cloud and many other connected services.
The group’s claimed victim list is staggering: Checkmarx, Bitwarden, LiteLLM, Telnyx, Mercor AI, PyTorch Lightning, AntV, SAP, GitHub, TanStack, UiPath, MistralAI, Microsoft DurableTask, Red Hat and Nx Console.
The full collection of packages compromised or poisoned by TeamPCP to date accounts for roughly 500 million weekly downloads combined, according to Quist.
While the breadth of potential downstream compromise flowing from those downloads is substantial, many endpoints infected with those malware-riddled packages aren’t exposed to the internet and less susceptible to attack, he added.
“I don’t think there’s going to be a very extremely large number of victims,” Quist said. “There’s going to be a lot of people who potentially could be compromised and have potentially vulnerable packages in their environment, but that doesn’t necessarily mean they’re in an exploitable position.”
While these incidents have grabbed headlines, TeamPCP hasn’t accumulated payouts nearly as large as other cybercriminals. The broader reputational impact it has wrought, however, is massive.
TeamPCP has publicly claimed more than 10,000 victims and about $90,000 in extortions, according to Quist.
“They might not be making a lot of money, but they are causing a lot of impact,” Goody said. “Their campaigns have been very disruptive.”
How TeamPCP’s operating model targets development
TeamPCP’s victim list has grown as its hijacked open-source repositories on npm, PyPI, GitHub and other outsourced developer tools that are incorporated into upstream code running in production environments.
Developer laptops and other endpoints that are assigned to install, build and publish software widely contain keys and access to source code that create incredibly valuable supply-chain targets for attackers, Amitai Cohen, head of the attack vector intel team at Wiz, explained during a June presentation on TeamPCP at SleuthCon in Arlington, Va.
The group targets CI runners, which are automated systems that build, test, and publish code. TeamPCP injects malware into the code repositories these runners maintain. When other developers pull that code into their own systems, they unknowingly download the malware alongside it.
Some of these artifacts, including Python libraries, npm registries and GitHub Actions, are downloaded almost immediately by thousands or millions of developers who’ve set their runners up to consistently pull the latest version, according to Cohen. “We as a security industry have taught them that that is the right thing to do. You want to use the latest version because you want to be protected against vulnerabilities, and obviously you want to benefit from all the latest features.”
That instinct is exactly what TeamPCP exploits. By compromising one company’s CI/CD workflow, the group gains access to every downstream user who automatically pulls that infected code. “This is what allows [TeamPCP] to leverage initial access to some patient zero, some company that had a vulnerability in their CI/CD workflow, in order to gain access to their downstream users,” Cohen said. “That’s just how the software supply chain works. Everything has dependencies upon dependencies upon dependencies.”
Some of the packages compromised by TeamPCP were live for almost 13 hours, but security practitioners have responded by identifying code-injection attacks much quicker now, pulling some compromised repositories within 15 minutes, said Ben Read, director of strategic intelligence at Wiz.
The threat group’s operations remain high-tempo. TeamPCP infects new software packages almost daily, validates compromises and captures sensitive data within 24 hours, according to Wiz researchers.
The threat group has consistently evolved its tactics, developing payloads in JavaScript and Python while spreading from local files to Kubernetes application programming interfaces and bundled software development kits. Most recently, it’s been stealing credentials via custom protocols.
The group’s ambitions have expanded beyond its own attacks. TeamPCP is also responsible for a self-replicating piece of malware known as Mini Shai-Hulud, which infected hundreds of software packages across open-source registries in back-to-back attack sprees last month. A TeamPCP affiliate published the full source code for the malware on GitHub last month and encouraged other cybercriminals to use it for their own campaigns.
“TeamPCP is going for volume. They are not being discriminating, they’re not necessarily trying to be stealthy or trying to maximize ROI. They’re going for an all-of-the-above strategy,” Read said during the Sleuthcon presentation.
Defensive gaps create openings for attack
TeamPCP’s attack spree has also underscored how difficult it is for organizations to revoke compromised secrets. Multiple victims have experienced recurring infections, sometimes falling prey to TeamPCP three times within a month, because they didn’t rotate secrets properly, Cohen said.
At its core, these attacks highlight a direct trade-off organizations accept when they update software quickly to fix vulnerabilities, but learn that doing so too quickly could expose them to illegitimate registries containing malware.
TeamPCP has targeted what Aboukhadijeh describes as a “public good,” open-source registries that were never perfect but widely trusted and rarely turned into a point of entry for supply-chain attacks.
Rapid open source software installation is one of the most dangerous things an organization can do right now, he said, adding that there’s a roughly 1 in 10 chance that any package installed by an organization could trigger an active attack.
TeamPCP has compromised security scanners, password managers, automation tools, data visualization software, and CI/CD infrastructure across various environments.
And it’s lifted a trove of credentials and other sensitive data from victims.
Researchers like Cohen at Wiz, who have been tracking this attack spree since the beginning, are nearing a breaking point.
“This is also too hard on us. We’re very tired. I’m sure a lot of people working on this problem space are very tired, and it’s just kind of become untenable,” Cohen said.
“You can’t keep existing in a world where you wake up every morning and some super prevalent package is compromised and everybody’s just going to be using it like nothing,” he added. “We need to start taking this a bit more seriously.”
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
It's an end of an era: Apple no longer supports any Mac with an Intel chip, as it quietly announces that macOS 27 Golden Gate will only work with devices with Apple silicon sold after 2020.
Can't wait for macOS 27 Golden Gate? Then you can try out the developer beta, but be warned: installing it can be a somewhat involved (and costly) process, but we’ll walk you through all the steps required.
Login
