open source7 articles
Torvalds Tells AI-Assisted Kernel Contributors to Back Off
Linus Torvalds has warned Linux kernel contributors that he will begin rejecting trivial or unnecessary pull requests submitted late in the development cycle, particularly those triggered by AI code reviews. He criticised the fifth release candidate for Linux 7.1 as unusually large, arguing that non-critical fixes to long-standing issues should wait for the next merge window rather than adding risky churn near release. This follows a previous complaint from Torvalds that AI-generated security reports have made the kernel's security mailing list "almost entirely unmanageable."
Supply Chain Attack Hits Packagist: Eight PHP Packages Compromised via GitHub-Delivered Malware
Eight packages on Packagist, the primary dependency registry for PHP projects, were quietly backdoored in a supply chain attack that used GitHub infrastructure to serve Linux malware.
AI Is Finding Linux Bugs Faster Than Anyone Can Fix Them. That's Not Going Away.
Recent Linux vulnerabilities like Dirty Frag, Copy Fail, and Fragnesia highlight a growing trend of AI tools rapidly discovering kernel-level security flaws, with Linus Torvalds noting that bugs are now being publicly analysed within hours of being patched. The mean time to exploit vulnerabilities has shrunk dramatically — turning negative, meaning exploits often appear before patches do — and duplicate AI-generated bug reports are burdening already stretched maintainers. Experts stress that Linux hasn't become inherently less secure, but that AI's superior bug-detection capabilities demand greater security vigilance from administrators, including enforcing stricter security policies like SELinux in restrictive mode.
Megalodon Attack Poisons Thousands of GitHub Repos via CI/CD Hijacking
Someone has been systematically targeting GitHub repositories at scale.
Google Quietly Kills Open-Source Gemini CLI and Replaces It With Something Far Less Open
Google is replacing its open-source Gemini CLI tool with the new closed-source Antigravity CLI, with most free and paid consumer users losing access to Gemini CLI on June 18, 2026, while enterprise customers and those with paid API keys are exempt. Developers have reacted angrily to the switch, citing the lack of open-source code for Antigravity CLI, reported usage limit issues, and concerns that open-source community contributions were used to build a proprietary replacement. Google has acknowledged there will not be full feature parity at launch and that Gemini CLI will continue to be maintained, but only for paying enterprise customers.
Linus Torvalds: AI Bug Hunters Are Drowning the Linux Security List in Duplicate Garbage
Linus Torvalds has criticised the flood of AI-generated bug reports overwhelming the Linux kernel's security mailing list, saying mass duplication from multiple researchers using the same tools has made it "almost entirely unmanageable." He argues that AI-detected bugs are not secret by nature and should not be submitted to a private list, where reporters cannot see each other's duplicate reports, creating pointless extra work. Torvalds urged researchers to go further than simply filing AI-generated reports by also developing patches and adding genuine understanding, rather than submitting drive-by reports with no real context.
NousCoder-14B: Open-Source Coding Model Arrives Just as Everyone's Losing Their Minds Over Claude Code
Nous Research has released NousCoder-14B, an open-source coding model trained in just four days on 48 Nvidia B200 GPUs, achieving 67.87% accuracy on the LiveCodeBench v6 benchmark — a 7-point improvement over its base model. The release stands out for its radical transparency, with Nous publishing not only the model weights but also the full training environment and reinforcement learning framework, enabling others to reproduce the work. However, the researchers flag a significant concern: the training dataset approached the limits of available competitive programming problems, pointing to data scarcity as a key obstacle for future AI coding progress and highlighting synthetic data generation as a critical area for future research.