Open Source Daily Briefing

Linux 7.0 ships with Rust in the mainstream and a new scheduler, GitHub Copilot will train on user code by default, LiteLLM supply chain attack hits 119K downloads, and more.

Linux 7.0 Released — Linus Torvalds shipped Linux 7.0 today, the first major version bump since 6.0 in 2022. While Torvalds downplays version numbers as cosmetic (he just doesn’t like going past x.19), the release is substantial: Rust is now a mainstream part of the kernel build, a new Time Slice Extension scheduler addresses a decade-old scheduling problem using Restartable Sequences, and there’s foundational work for next-gen hardware. Ubuntu 26.04 LTS (“Resolute Raccoon”), due April 23, will ship with 7.0 as its default kernel.

GitHub Copilot Will Train on Your Code by Default Starting April 24 — GitHub announced that starting April 24, interaction data from Copilot Free, Pro, and Pro+ users — including inputs, outputs, code snippets, and context — will be used to train AI models unless users manually opt out. Enterprise and Business tier users are excluded. The developer community is not enthused: the announcement thread has 59 thumbs-down reactions and 3 rocket ships. The two-tier structure — individuals become training data while enterprises are protected — has drawn criticism as a business model choice dressed up as a product update.

LiteLLM Supply Chain Attack Compromised 119K+ Downloads — The TeamPCP threat actor group executed a cascading supply chain attack that started by compromising Aqua Security’s Trivy and spread to the LiteLLM and Telnyx PyPI packages. The poisoned LiteLLM versions used a clever .pth file technique that executed malware every time any Python process started on the host, exfiltrating SSL/SSH keys, cloud credentials, Kubernetes configs, crypto wallets, and more. Over 119,000 downloads occurred during the attack window. The irony of security tooling being the entry point for a supply chain attack is not lost on anyone.

OpenTitan Open-Source Security Silicon Now Shipping in Chromebooks — After seven years of development, OpenTitan — the first open-source silicon root of trust — is shipping in commercial hardware. Dell Chromebooks are the first devices, with Nuvoton producing the chips. It’s the first commercially available open-source RoT to support post-quantum cryptography secure boot, and because it’s open source, anyone can review, test, or manufacture their own. Google plans to deploy it in their data centers later this year.

GitHub Secure Open Source Fund Adds $5.5M — GitHub expanded its Secure OSS Fund with an additional $5.5M in Azure credits, security training, and new partners including Datadog, Open WebUI, Atlantic Council, and OWASP. Session 4 launches late April with $10K per selected project plus Copilot Pro access and dedicated security education. This comes alongside the OSS Endowment launch — a new nonprofit creating a permanent investment corpus to generate steady grants for critical open-source maintainers.

CNCF Kubernetes AI Conformance Program Doubles Certified Platforms — Announced at KubeCon EU in Amsterdam, the CNCF’s Certified Kubernetes AI program has grown from 18 to 31 certified platforms since its November launch. The 2026 update adds agentic workload validation and mandates Kubernetes v1.35 alignment, including stable in-place pod resizing and workload-aware scheduling. CNCF is making AI-on-Kubernetes a first-class, standardized concern rather than everyone’s bespoke setup.

Claw Code AI Coding Framework Hits 72K Stars in Days — Claw Code, a Python-and-Rust open-source AI coding agent framework, launched on April 2 and racked up 72,000 GitHub stars within days — one of the fastest-growing repos in the AI tooling space. It enters a crowded field where OpenCode (112K stars) already competes with Claude Code, which dominates actual usage at 135K commits/day.