Open Source Daily Briefing

Mozilla launches Thunderbolt as an open-source enterprise AI client, nginx-ui MCP auth bypass under active exploitation, OSI names new executive director Duane O'Brien, Forgejo 15.0 ships as LTS, and more.

A mix of fresh tooling, governance shifts, and yet another MCP-related vulnerability making the rounds. Here’s what matters today.

Mozilla launches Thunderbolt, an open-source self-hostable enterprise AI client

The Thunderbird team (via MZLA Technologies, Mozilla’s for-profit subsidiary) has unveiled Thunderbolt — a cross-platform, open-source AI client designed to give enterprises a self-hosted alternative to ChatGPT Enterprise, Microsoft Copilot, and Claude Enterprise. It ships with MCP server and Agent Client Protocol (ACP) support, integrates with the Haystack AI platform, and can connect to Anthropic, OpenAI, Mistral, and OpenRouter out of the box. Local inference is supported through Ollama, llama.cpp, or any OpenAI-compatible API. Native builds are available for Linux, macOS, Windows, iOS, and Android. The pitch is “sovereign AI” — your models, your data, no vendor lock-in. It’s still pre-enterprise-production and undergoing a security audit, but the code is on GitHub now. This is Mozilla’s clearest play yet at owning a piece of the enterprise AI client layer, and the MCP/ACP integration makes it immediately relevant to teams already building agent workflows.

nginx-ui auth bypass (CVE-2026-33032) under active exploitation — dubbed “MCPwn”

A CVSS 9.8 authentication bypass in nginx-ui, codenamed “MCPwn” by Pluto Security, is being actively exploited in the wild. The root cause is almost comically simple: the /mcp_message endpoint lacks the authentication middleware that the /mcp endpoint correctly enforces. Two HTTP requests are enough for full server takeover. Approximately 2,600 publicly reachable nginx-ui instances have been identified as exposed. The fix landed in version 2.3.4 back on March 15, with 2.3.6 being the current secure release — but Recorded Future confirmed active exploitation began in March and continues now. This is the second MCP-related security incident in recent weeks (after the broader MCP governance discussions), and it underscores a pattern: as MCP adoption accelerates, implementations that bolt on MCP endpoints without consistent auth are creating a new attack surface. If you’re running nginx-ui, patch immediately; if you’re integrating MCP into anything, audit every endpoint.
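The defect class described above is a middleware applied per route rather than per surface, so one sibling endpoint is registered without it. The following Go snippet is an added illustration, not nginx-ui's code: it uses only net/http, a constructed demo token, and a route table (Inconsistent) modelled on the pattern, plus an in-process probe that a project could run in CI to catch any route under its MCP surface that answers without credentials.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"net/http/httptest"
)

// Constructed demo credential; a real service would validate a session or JWT.
const demoToken = "constructed-demo-token"

func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("Authorization"))
		if subtle.ConstantTimeCompare(got, []byte("Bearer "+demoToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func stub(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) }

// BuildMux registers each path; the bool says whether requireAuth wraps it.
// One table for the whole surface makes a missing middleware a visible diff.
func BuildMux(routes map[string]bool) http.Handler {
	mux := http.NewServeMux()
	for path, auth := range routes {
		var h http.Handler = http.HandlerFunc(stub)
		if auth {
			h = requireAuth(h)
		}
		mux.Handle(path, h)
	}
	return mux
}

// OpenPaths requests every route in-process with no credentials and returns
// those that did not answer 401; run it in CI so a forgotten wrap fails fast.
func OpenPaths(h http.Handler, routes map[string]bool) []string {
	var open []string
	for path := range routes {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
		if rec.Code != http.StatusUnauthorized {
			open = append(open, path)
		}
	}
	return open
}

// Constructed route table modelled on the inconsistency described above.
var Inconsistent = map[string]bool{"/mcp": true, "/mcp_message": false}
```

Flipping the second entry to true is the whole fix in this model; the probe then returns an empty list.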

OSI appoints Duane O’Brien as new Executive Director

The Open Source Initiative has a permanent leader again. Duane O’Brien started on April 13, replacing interim ED Deborah Bryant, who had been filling in since Stefano Maffulli’s departure last October. O’Brien brings nearly 25 years of experience — most recently leading Capital One’s Open Source Program Office, and before that building OSPOs at Indeed and PayPal. He inherits an organization navigating the politically charged intersection of AI and open-source licensing (the OSI’s Open Source AI Definition remains contentious), ongoing relicensing controversies across the industry, and the perennial question of how the definition-keeper of “open source” stays relevant as foundations and companies increasingly set their own terms. His OSPO background suggests a pragmatic, enterprise-fluent approach. Worth watching whether that translates into faster movement on the AI licensing front.

Forgejo 15.0 ships as a Long-Term Support release

Forgejo, the community fork of Gitea, hit its 100th release with version 15.0, designated as an LTS release supported through July 2027. The headline features are repository-specific access tokens (finally — reducing the blast radius of token compromise), OpenID Connect support for Forgejo Actions (short-lived signed tokens instead of static secrets for CI/CD auth), and ephemeral runners that self-destruct after a single job execution. The OIDC and ephemeral runner features are clearly aimed at teams that take supply chain security seriously, and they bring Forgejo closer to parity with what GitHub Actions offers natively. For anyone running self-hosted Git infrastructure and evaluating alternatives to GitHub or GitLab, Forgejo continues to punch well above its weight.

Eclipse Foundation launches Open VSX Security Researcher Recognition Program

Announced April 14, the Eclipse Foundation is formalizing responsible disclosure for the Open VSX Registry — the open-source VS Code extension marketplace that now serves over 300 million monthly downloads. The program offers a Hall of Fame, digital badges, and vouchers rather than cash bounties, and is open to independent researchers, academics, and security consultancies. Given that a previous vulnerability exposed all Open VSX repositories to takeover, formalizing the disclosure pipeline is overdue. With VS Code extensions increasingly being used as attack vectors in supply chain compromises, having a structured security program around the registry — even without financial bounties — is a meaningful step. Whether recognition alone is enough to attract serious researchers is another question.

KDE Gear 26.04 arrives with 30 years of polish

Released April 16, the latest KDE Gear collection brings improvements across the desktop application suite. Dolphin file manager now supports custom keyboard shortcuts for any menu option or plugin, Merkuro Calendar gets a redesigned schedule view, NeoChat adds Matrix thread support, and KOrganizer gets a modernized layout. Individually these are incremental, but collectively they represent the quiet, steady maturation of the KDE ecosystem. For Linux desktop users, KDE Gear releases are where the day-to-day experience actually improves — and the fact that KDE has been shipping this consistently for 30 years is itself a story about open-source sustainability.

Tails 7.6.2 emergency release patches critical Flatpak sandbox escape

Tails shipped an emergency update on April 16 to address CVE-2026-34078, a CVSS 9.3 sandbox escape in Flatpak that could let an attacker who has already compromised Tor Browser access all user files, including Persistent Storage. The attack requires chaining with another exploit, so it’s not a zero-click scenario, but for Tails’ threat model — journalists, activists, and anyone depending on Tor for safety — a sandbox escape that exposes persistent files is about as serious as it gets. Flatpak was updated to 1.16.6. Automatic upgrades are available from Tails 7.0+.