VentureBeat explains slopsquatting, a supply-chain attack where AI coding assistants hallucinate open-source package names that attackers can register and fill with malware before developers install them.
Wired reports that Nebula Security used its VEGA AI bug-hunting tool to find GhostLock, a 15-year-old Linux kernel privilege-escalation flaw, underscoring how AI vulnerability discovery is reaching critical open-source infrastructure.
AlphaSignal reports that Anthropic expanded Claude for Open Source to offer qualifying maintainers and core contributors six months of Claude Max 20x, an in-kind support program aimed at critical public repositories and packages.
BleepingComputer reports on Ghostcommit, a proof-of-concept pull-request attack that hides prompt-injection instructions in a PNG so AI code reviewers and coding agents can miss the change and later leak repository secrets.
lowRISC says Tampere University has joined OpenTitan as an academic partner, adding hardware-security, RISC-V, and cryptographic-acceleration research to the nonprofit-stewarded open-source silicon root-of-trust project.
The Herald Business reports that South Korea's ETRI is expanding its government-funded research open-source consortium to address license disputes, security vulnerabilities, and AI training-data copyright risks across strategic technology projects.
Joost de Valk argues that open-source buyers and governments should look beyond licenses and maintainer stewardship to whether project infrastructure, trademarks, repositories, and update channels are governed so users cannot be cut off at a steward's discretion.
Slashdot covers the Free Software Foundation sysadmin team's account of using Reaction to block aggressive crawler traffic, including AI-training scrapers, after a botnet with roughly five million IPs targeted FSF systems for months.
Digital Production reports that Blender Studio's proposed Overgrown feature film would fund open-source production tools, project files, documentation, and pipeline knowledge through Studio subscriptions, with a goal of 7,000 subscribers by September 2026.
CNX Software reports that PocketMage, an Apache-2.0 open-source hardware PDA with KiCad design files, software, and documentation on GitHub, has launched on Crowd Supply with a $100,000 funding target and rewards starting at $185.
Liliputing reports that Open Book Touch, a pocketable open-source e-reader with open hardware and software plans, has launched a Crowd Supply campaign seeking $45,000 to fund manufacturing and ship devices to backers in early 2027.
The OpenSSL Foundation publishes a supporter story from is*hosting explaining why the hosting provider joined the Code Protectors Program, tying direct financial support to keeping OpenSSL's critical internet-security work maintained and sustainable.
GegoK12 says its MIT-licensed school ERP offers a free open-source core for student, attendance, class record, calendar, library, and notice-board workflows while charging separately for specialized modules such as transport and fee management.
Fintech News interviews EXANTE CTO Richard Forss about Gecko Fund, EXANTE's new €1 million grant program for critical open-source software projects used across trading and financial data systems, framing direct maintainer support as part of financial infrastructure resilience.
Decent Cybersecurity explains that the European Commission's cybersecurity and AI action plan includes a Critical Open Source Resilience Campaign to support maintainers of key projects, alongside AI-assisted vulnerability remediation work.
HackerNoon argues that hostile users, uncompensated support expectations, and lack of recognition are increasing burnout risk for open-source maintainers and threatening the sustainability of critical projects.
AI and Games argues that Godot's decision to block AI-generated code submissions is a maintainership and accountability issue, as coding agents increase review burden while contributors may not understand or own generated changes.
InfoQ reports that the Linux Foundation launched Akrites, an industry effort to coordinate validation, remediation, and disclosure for critical open-source vulnerabilities as AI-enabled attackers accelerate exploit discovery.
Lars Barkman analyzes whether a solo open-source developer can build a sustainable business, comparing donations, consulting, open core, paid hosted services, and paid-access or delayed-publication models for code and writing.
FOSS United awarded an INR 3 lakh grant to Scrite, an open-source cross-platform screenwriting app, to cover hosting, software licensing, code signing certificates, and legal review through 2027.
The Autoware Foundation welcomed Abu Dhabi's Technology Innovation Institute as an industry member, adding autonomous-systems research expertise to the open-source autonomous-driving software foundation.
The Register reports that Red Hat has introduced an open-ended paid support option for a fixed RHEL release, framing the offer as a way for enterprises to buy extended lifecycle coverage while raising lock-in and pricing concerns.
Thoughtworks argues that permissive open-source economics are under renewed strain from AI-generated pull requests, maintainer burnout, declining trust signals, and companies that consume critical packages without funding their upkeep.
A QGIS developer mailing list post says GitHub warned that its AI-powered Code Quality public preview would start billing per active committer and by AI usage, raising concern about surprise charges for open-source organization members.
TRMNL details its ninth creator fund payout, sharing developer revenue with plugin authors and contributors to TRMNL open-source projects as part of a recurring funding model for its open e-paper ecosystem.
InfoQ reports that Kubernetes has formalized an AI-assisted maintainership policy that permits AI tools while keeping human contributors accountable for provenance, review, security, and long-term code ownership.
CNCF explains that the community-maintained ingress-nginx controller has reached end of life after its March 2026 retirement, warning users about unpatched CVEs, halted feature updates, and loss of community support while they migrate to another controller or Gateway API.
Help Net Security reports on research dividing open-source software into fourteen project types, arguing that funding, governance, and maintainer structure predict dependency health and production risk before code ships.
The Stack reports that AI-generated pull requests are pushing projects such as Kubernetes to create contributor policies, as maintainers try to balance easier contributions against slop-like code review burden and volunteer workload.
Yorick Peterse examines why donations, grants, open-core models, and side businesses often fail or compromise open-source projects, then sketches a paid-access upstream repository and delayed public mirror model while noting its trade-offs for smaller projects such as Inko.
Infosecurity reports on Wiz's GhostApproval research, which found that six AI coding assistants could be tricked through symlinks in malicious repositories into writing to sensitive local files after a user approved an apparently safe change.
Diginomica reports that Red Hat is using its Massachusetts Open Accelerator, backed by IBM Ventures and the Massachusetts AI Hub, as a template for a UK open-source AI hub that would combine startup support, enterprise readiness, and government adoption of open source.
Project Pythia says it has been accepted as a NumFOCUS Affiliated Project, giving the open, community-driven geoscience education and scientific Python resource access to broader open-source collaboration, visibility, and selected funding opportunities while keeping independent governance.
CyberScoop commentary argues that the U.S. AI cybersecurity clearinghouse should prioritize patching and disclosure, warning that AI bug-finding increases vulnerability reports while volunteer open-source maintainers still must verify, patch, and coordinate fixes.
Help Net Security reports that GitHub Innovation Graph data shows cross-border open-source collaboration grew 16% from Q4 2025 to Q1 2026, increasing pull request and code volume while GitHub ships new maintainer controls to manage the load.
TechCrunch reports that Ollama raised a $65 million Series B led by Theory Ventures, giving the open-source AI developer tool $88 million in total funding as it serves nearly 9 million monthly developers and adds hosted subscription tiers.
FINOS recaps OSFF London 2026 with the launch of the FINOS AI Fund, backed by DTCC, Morgan Stanley, RBC, and NatWest, and plans for OSERA, a vendor-neutral financial-services open-source supply-chain resiliency coalition.
PostHog published a separate MIT-licensed posthog-foss repository for its all-in-one product analytics platform, describing the project as open source and retaining public code, docs, roadmap, and contribution channels.
FOSS Force reports that Mecklenburg-Vorpommern launched a Nextcloud-based collaboration platform to replace Microsoft SharePoint, part of a broader European public-sector push for open-source digital sovereignty, shared standards, and vendor independence.
The Apache Software Foundation says Apache Livy and Apache Magpie became top-level projects, while the June newsletter also emphasizes mentorship, travel assistance, and community stewardship as sustaining infrastructure for ASF projects.
Andrew Kelley argues that Bun's VC-backed push, Anthropic acquisition, stopped Zig Software Foundation donations, and AI-heavy rewrite created open-source sustainability and maintainer-community fallout beyond the Rust-versus-Zig language choice.
Infosecurity reports on ESET's H1 2026 threat report, which found tens of thousands of suspicious and thousands of malicious AI-agent skills in public repositories, warning that attacker-supplied toolsets can exfiltrate data, execute malware, and alter agent behavior.
AI Now Institute published a Friendly Fire proof-of-concept showing that Anthropic Claude Code and OpenAI Codex can be hijacked for remote code execution while reviewing untrusted open-source or third-party libraries, using prompt injections hidden in source code rather than configuration files.
IT Pro examines whether AI is worsening long-running open-source sustainability pressures, including funding gaps, maintainer overload, infrastructure strain, and expectations that projects absorb new AI-era support and security burdens.
The Linux Foundation announced its intent to launch the Open Health Stack Software Foundation, with Google, WHO, and other partners backing neutral governance for open-source digital health infrastructure.
OpenClaw says it has formed a 501(c)(3) foundation to steward the MIT-licensed open-source personal AI agent project, provide stable funding, hire full-time maintainers, and keep the project independent while donors and partners build around it.
ZDNet reports from Open Source Summit India that Linus Torvalds discussed AI's role in kernel work, warning that AI-written code must still be understood by maintainers while human last-minute fixes and contributor issues remain the bigger stressors.
Jarred Sumner explains why and how the Bun team rewrote the open-source JavaScript runtime from Zig to Rust, describing an agentic coding workflow with trial runs, adversarial review, and automation around the migration.
ZDNet reports that IBM and Red Hat turned Lightwell into commercial offerings and a partner network aimed at validating and delivering fixes for open-source dependencies as cheap AI-generated exploits increase pressure on traditional patch management.
The Rust Foundation says Canonical donated 25 Ubuntu Pro subscriptions for Rust infrastructure, helping the project apply expanded security maintenance and live kernel patching across legacy servers that support services such as docs.rs and Crater.
The Next Web reports that Entire, founded by former GitHub CEO Thomas Dohmke, launched a preview of a distributed Git network that mirrors GitHub repositories across regions so AI coding agents can clone and pull without overloading centralized code hosts.
OSI recaps its UN Open Source Week briefing for member states and says its new Open Source AI Fellowship will coordinate evidence, partnerships, policy engagement, and consensus work around what it means for AI systems to be labeled open source.
The Linux Foundation says LF Networking accepted StratoWeave, a Deutsche Telekom-contributed open-source project for AI-native transport network automation, adding vendor-neutral declarative automation for communications service providers to the foundation's networking portfolio.
The European Open Source Academy argues that software-defined vehicle development needs foundation-driven open collaboration, using the Eclipse Foundation model as a vendor-neutral alternative to single-vendor open source for shared automotive infrastructure.
The Next Web reports that n8n ties its model-agnostic AI workflow pitch to its Sustainable Use License and fair-code business model, keeping the source self-hostable while restricting commercial use after moving away from Apache 2.0 with Commons Clause.
The Rust Clippy team says the linter has a reviewing-capacity problem because no current team member is funded to work on it, and points readers to the Rust Foundation Maintainers Fund as a potential source of support.
Sonatype argues that AI-accelerated vulnerability discovery is shifting the bottleneck in open-source security from finding bugs to coordinating remediation, trusted distribution, and upstream fixes for critical dependencies.
MyChesCo reports that the Apache Software Foundation elevated Apache Magpie, an open-source tool for AI-assisted repository maintainership, from the incubator to top-level project status.
GfxSpeak reports that DreamWorks Animation donated MoonRay, its Apache-2.0 production path-tracing renderer, to the Academy Software Foundation so studios, developers, and students can use and extend it under neutral governance.
Noma Labs describes GitLost, a prompt-injection vulnerability in GitHub's agentic workflows that let an unauthenticated attacker use a crafted public issue to silently exfiltrate data from private repositories in the same organization.
Financial IT reports that Santander has published more than a dozen Santander AI Lab projects on GitHub under an open-source licence, inviting developers and researchers to collaborate on banking-focused AI tools for security, governance, privacy, and traceability.
PR Newswire reports that SoftAtHome has commercially deployed prpl-based Wi-Fi 7 repeater software across Orange in Europe, putting the open-source broadband-device framework into subscriber homes at group scale while preserving a common hardware-independent base.
X-CMD recaps how SSPL, BSL, Elastic License, Commons Clause, and PolyForm-style terms have reshaped open-source licensing since 2024, arguing that cloud free-riding, AI training disputes, and monetization pressure mean developers now need to read license competition clauses closely.
The Agentic AI Foundation says agentgateway, an open gateway project for agentic AI infrastructure that joined the foundation, released v1.3.0 with a rebuilt LLM traffic path, transformation engine, provider management, and MCP support.
Dremio says Apache Ossie, an open semantic interchange project for semantic-layer interoperability and trustworthy AI agents, has joined the Apache Incubator, with Dremio contributing and integrating the project during incubation.
QuestPDF's Community License 3.0, effective July 6, makes the PDF library free for individuals, sub-$1M businesses, charities, academic institutions, and open-source projects while excluding public-sector entities and public companies; the license says it is source-available and not OSI-approved.
lowRISC says AMI has joined the OpenTitan coalition, bringing firmware security expertise to the open-source secure silicon project alongside partners including Fraunhofer, Google, Nuvoton, and Realtek.
ZK/SEC reports that its AI audit pipeline found seven confirmed bugs in Cloudflare's open-source CIRCL cryptography library, including threshold RSA precision loss and attribute-based encryption access-control flaws, all now fixed upstream.
The Beagle SCM author describes using Anthropic's Fable to build the git-compatible source-control project, arguing that LLM coding agents need deterministic tools and formal workflows so repeated actions and verification steps can be automated reliably.
Chainguard says Athena, its coordinated open-source defense coalition for AI-accelerated vulnerability discovery, added Akamai, Black Duck, Cycode, JFrog, Morgan Stanley, Qualys, Upwind, and Zafran while processing more than 40,000 vulnerability findings since launch.
Better Auth announced it is joining Vercel, saying the move gives the open-source auth framework more resources while letting the team pursue agent authorization work without shaping its roadmap around standalone monetization.
CNCF says Open Community Groups, its open-source meetup platform, has become community infrastructure for local cloud-native groups and a foundation-backed way to coordinate open-source events through open-source software.
WinBuzzer reports that public CVE data showed a June spike in high- and top-severity disclosures as AI-assisted bug hunting expanded, with open-source findings and maintainer patch capacity lagging behind validation and reporting.
Phoronix reports that TUXEDO Computers is moving TUXEDO OS from Ubuntu to Debian Testing, citing Ubuntu LTS staleness for its hybrid release model and discomfort with Canonical's AI roadmap.
OSTIF published the results of a CNCF-backed security audit of Cortex, the open-source long-term storage project for Prometheus and OpenTelemetry, documenting Quarkslab review work and fixes for seven security-impacting findings.
The Rust Leadership Council says the new Funding team will administer the Rust Foundation Maintainers Fund, allocating $50,000 for maintainer support and taking over the project grants program to support long-term Rust maintenance.
Socket reports that Node.js maintainers are debating whether the AI-driven surge in vulnerability reports should push lower-severity security issues into public workflows, with private embargoes reserved for higher-severity bugs.
The New Stack reports on research into whether AI coding agents will erode the beginner-friendly open-source issues that help new contributors join projects, finding evidence that the feared displacement has not yet materialized.
The OpenInfra Foundation recaps UN Open Source Week and its digital sovereignty working group white papers, arguing that governments need open, production-ready infrastructure plus coordinated policy and funding to reduce cloud dependence.
The Register reports that Xinuos, SCO's legal successor, is trying to revive old Project Monterey license and copyright claims against IBM, extending the long-running Unix and Linux ownership dispute.
MariaDB Foundation welcomed Continuent as a Silver Sponsor, citing the company's long-running work with business-critical MariaDB and MySQL-compatible open-source deployments and its support for MariaDB Server and the community.
Open Source Security talks with Lori Lorusso and Niko Matsakis about the Rust Foundation Maintainers Fund, covering how the foundation plans to fund Rust maintainers and why sustainable open-source maintenance requires dedicated support.
Tech.eu reports that the PyTorch Foundation is positioning PyTorch and related projects as neutral open infrastructure for European AI sovereignty, including moving SafeTensors governance, trademarks, and long-term stewardship from Hugging Face to the Linux Foundation while maintainers continue day-to-day work.
Open Source For You reports that Apache Livy graduated to an Apache Software Foundation Top-Level Project, moving the Spark REST API service from incubator oversight to its own project management committee for future releases, security fixes, and community growth.
Flipper Devices says it will allocate resources to keep maintaining the open-source Flipper Zero firmware after community pushback, moving feature requests to GitHub Discussions, tightening contribution rules for AI-generated low-level code, and publishing integration tests for community regression testing.
PCMag reviews Brave Origin as a $60 paid version of the open-source Brave browser that removes revenue-generating features such as ads, AI, VPN, and crypto integrations, questioning whether users will pay for a minimalist browser they can largely configure themselves.
Analytics India Magazine reports that open-source maintainers are rewriting contribution rules as AI agents and generated pull requests add review burden, citing incidents around Matplotlib, Godot, the Linux kernel, and curl's bug-bounty shutdown.
BetaKit reports that Shopify and Shopline settled Shopify's lawsuit accusing Shopline of copying the open-source Dawn storefront theme into a rival Seed template, with Shopify saying the confidential deal requires payment and bars further Seed distribution.
Simon Willison describes using Claude Fable in Claude Code to prepare sqlite-utils 4.0rc2, including AI-assisted review, test fixes, SemVer compatibility checks, and release-engineering costs for the open-source Python project.
Xubuntu and Xfce contributor Sean Davis updated his GitHub Sponsors and Patreon tiers to support open-source infrastructure, documentation, testing hardware, mentorship, and community work while stressing that sponsorship does not replace project governance.
The Gazette reports that Belgium's King Baudouin Foundation awarded the $1 million 2026 Rousseeuw Prize for Statistics to core members of The R Project, recognizing decades of work maintaining the free, open-source statistical computing platform.
Marijn Haverbeke released Wordgard 0.1 as an MIT-licensed successor-style rich-text editor toolkit informed by ProseMirror and CodeMirror, while explaining that permissive licensing, AI scraping, and AI-generated pull requests are changing how he funds and maintains open-source infrastructure.
Armin Ronacher documents a Pi coding-agent tool-calling regression where newer Claude models generate malformed nested edit calls, arguing that closed-source Claude Code training and permissive harness behavior can make alternative agent tools less reliable without stricter schemas.
Adversa AI reports that common pattern-based shell guards in open-source AI coding agents can be bypassed with decades-old Bash quoting and expansion tricks, letting poisoned repositories, README files, or Makefiles turn agent command execution into a developer credential and supply-chain risk.
PrimeTek announced PrimeUI, moving future major versions of PrimeNG, PrimeReact, and PrimeVue from MIT-licensed open source releases to a paid commercial licensing model for larger organizations, while keeping existing MIT versions unchanged and free community licenses for eligible small users.
JetBrains will sunset Kotlin Notebook as a maintained IntelliJ IDEA product, unbundle it from IntelliJ IDEA 2026.2, publish the plugin source on GitHub under Apache-2.0, and hand future development to community ownership.
Open Source For You reports that Huawei, China Mobile, AIS, AsiaInfo, Infosys, Orange, Personal, and ZTE launched the OpenAN project under Linux Foundation Networking, donating baseline telecom automation components and setting governance for agent-based autonomous network tools.
Open Source For You reports that Shopify joined the PyTorch Foundation as a Platinum Member, taking seats on the governing board and Technical Advisory Council while committing upstream engineering support for the open-source machine-learning framework used across its commerce platform.
Open Source For You reports that the open-source ZLUDA compatibility project added experimental PhysX support for AMD Radeon GPUs while lead developer Andrzej Janik said the project has lost its commercial backing and is returning to a slower volunteer-maintained pace.
Scripps Research received two Gates Foundation grants totaling $2 million to expand wastewater disease surveillance and AI-driven outbreak prediction, including further development of Freyja, its open-source wastewater analysis platform, and openly available lab protocols and bioinformatics tools for low- and middle-income countries.