Hi folks,

This week’s lead story looks at a widely used open-source package being compromised through its own release process, after attackers slipped a malicious update into a trusted distribution channel.

Elsewhere, a new crop of tools and funding rounds points to growing momentum around AI agents and the infrastructure that supports them, while governments and developers continue to rethink their reliance on dominant platforms — from sovereign Git hosting in Europe to high-profile departures from GitHub itself.

As usual, feel free to reach out to me with any questions, tips, corrections, or suggestions: forkable[at]pm.me.

Paul

<Open issue>

Hackers weaponize trusted update

A widely used open-source package with more than 1 million monthly downloads was compromised after attackers hijacked its release process and pushed a malicious update.

The package, elementary-data, was briefly distributed with credential-stealing code that searched systems for sensitive data including cloud keys, API tokens, SSH keys, and warehouse credentials. The malicious version — 0.23.3 — was live for around 12 hours before being pulled.

The attack didn’t rely on tricking users into installing something obviously suspicious. Instead, the attacker exploited a vulnerability in a GitHub Actions workflow used by the project’s maintainers. By submitting a malicious pull request, they were able to execute code inside the developers’ environment, extract signing keys and tokens, and publish a compromised release that appeared legitimate.

“Users who installed 0.23.3… should assume that any credentials accessible to the environment where it ran may have been exposed,” the Elementary team warned.

The incident follows a well-trodden path. Rather than targeting the codebase itself, attackers are going after the systems that build and ship it. In this case, the release pipeline — the automated process that builds the software, signs it, and publishes updates — became the point of entry.

For maintainers, that creates a difficult problem. Code is reviewed and tested, but CI pipelines — often less scrutinised and holding the keys to production — are easier to get wrong and far more damaging if compromised.

Read more: Ars Technica | Elementary

<Patch notes>

Paper Compute wants to fix AI agent infrastructure

GitHub veteran Brian Douglas recently launched Paper Compute, an open-source startup building infrastructure for AI agents, starting with Tapes (observability) and StereOS (a hardened OS for sandboxed agent execution).

Read my interview with Brian in the link below.

Read more: The New Stack

Netherlands launches ‘sovereign’ GitHub alternative

The Dutch government has soft-launched code.overheid.nl, a self-hosted Git platform for public bodies built on Forgejo, a European alternative to GitHub.

Read more: Digital Government | Code.Overheid

Hashicorp co-founder quits GitHub

Mitchell Hashimoto is moving his Ghostty terminal project off GitHub after near-daily outages. "GitHub is no longer a place for serious work," he wrote, after 18 years on the platform.

Read more: The Register

Warp goes open source

AI coding startup Warp is open-sourcing its client, betting a community managing AI agents can outpace well-funded closed rivals. OpenAI is a founding sponsor.

Read more: Tessl

OpenAI open-sources Symphony

OpenAI this week released Symphony, an open source specification for orchestrating coding agents. The project connects issue trackers such as Linear to Codex-powered agents, allowing each task to run as its own self-contained job, from assignment through to a pull request.

Read more: Tessl

Vendor lock-in drives OSS adoption?

The 2026 State of Open Source Report is out! Vendor lock-in is now cited by 55% of organisations as a primary driver of OSS adoption — a 68% year-over-year jump — while security and maintenance remain the biggest operational challenges.

Read more: The Open Source Initiative (OSI) | Perforce Open Logic

OpenAI releases local PII filter

OpenAI’s new Privacy Filter model detects and redacts personally identifiable information (PII) on-device, supporting up to 128k tokens in a single pass.

Read more: The New Stack | OpenAI | Hugging Face

Cursor partners with Chainguard to secure AI-built code

Cursor is routing dependencies through Chainguard's verified package repositories, addressing the risk of agents pulling compromised libraries at a pace no security team can review manually.

Read more: Tessl

Intel shutters its open-source evangelism program

As part of its ongoing “open-source rethink,” Intel has archived its Open Ecosystem Community/Evangelism initiative alongside a wave of GitHub repositories, marking a significant retreat from its decades-long role as a major open-source contributor.

Read more: Phoronix

DeepSeek V4 arrives with Huawei chip support

DeepSeek's most significant release since R1 comes in Pro and Flash variants with a 1M token context window, and is the first model optimised for domestic Chinese chips.

Read more: MIT Technology Review

Cloudsmith raises $72M

Belfast-based artifact management platform Cloudsmith has raised a $72 million Series C led by TCV and Insight Partners, targeting enterprises managing AI-generated code at scale.

Read more: Cloudsmith

ComfyUI raises $30M at $500M valuation

Open-source AI workflow platform ComfyUI has raised $30 million at a $500 million valuation. The company now claims 4 million users and 150,000 daily downloads.

Read more: GlobeNewswire

<Final commit>

Microsoft digs up the bones of DOS

On the 45th anniversary of 86-DOS 1.00, Microsoft has published what appears to be the earliest-known DOS source code — hand-annotated assembler printouts preserved by Tim Paterson, the original author of DOS. Think scanned listings, handwritten notes, and the kind of artifacts that you might find in an archaeological dig.

Microsoft describes them as “a printed commit history of a Git repository” — a stack of paper that tracks which features were added when, what broke, and how it got fixed. The materials include the 86-DOS 1.00 kernel, development snapshots of PC-DOS 1.00, and utilities like CHKDSK. Soon, the physical originals will be on display at the Interim Computer Museum, donated by Paterson himself.

Read more: Microsoft