A supply chain attack hits developer security tooling, the Eclipse Foundation makes its boldest infrastructure play yet, and an open-source AI agent learns to train models by reading papers. Here’s what matters today.
Checkmarx supply chain attack hijacks KICS and Bitwarden CLI, steals developer credentials
On April 22, attackers compromised two widely-used developer tools in a coordinated supply chain campaign. Checkmarx’s KICS security scanner — an open-source tool with over five million Docker pulls — had its Docker, VS Code, and Open VSX extensions tampered to exfiltrate credentials. In parallel, a malicious version of the Bitwarden CLI (@bitwarden/cli@2026.4.0) was published to npm for roughly 90 minutes, injecting code that harvested GitHub tokens and used them to plant malicious Actions workflows in victims’ repositories. The stolen data was encrypted with AES-256-GCM and exfiltrated to a domain impersonating Checkmarx itself. Attribution remains murky — TeamPCP claimed the Checkmarx side, but the Bitwarden compromise may involve the separate Shai-Hulud worm operators. The bitter irony of a security scanning tool being weaponized against developers underscores how supply chain attacks are becoming the defining threat vector of 2026. If you use either tool, audit your environments immediately.
Announced April 21, the Eclipse Foundation’s Open VSX Managed Registry is the first foundation-operated managed service for VS Code extension distribution, and its timing is deliberate. Open VSX now serves over 300 million downloads per month with peak traffic exceeding 200 million daily requests, driven by the explosion of AI-native IDEs that need a vendor-neutral extension registry: Cursor, Windsurf, Kiro (AWS), Antigravity (Google), VSCodium, Ona (Gitpod), and IBM Bob all depend on it. The managed tier offers a 99.95% uptime SLA and enterprise support, with AWS, Google, and Cursor as launch customers. Individual developers and open-source projects remain on a free tier. This is a significant strategic move — as Microsoft’s VS Code Marketplace becomes one option among many in an increasingly fragmented editor landscape, Eclipse is positioning Open VSX as the neutral commons. It’s also a sustainability model worth watching: foundation-operated infrastructure funded by the commercial platforms that depend on it.
Hugging Face open-sources ml-intern, an AI agent that reads papers and trains models
Released April 21, ml-intern is an open-source AI agent built on Hugging Face’s smolagents framework that automates the entire LLM post-training workflow — from literature review through dataset discovery, training execution, and iterative evaluation. In its launch demo, the agent took Qwen3-1.7B from a ~10% baseline on the GPQA benchmark to 32% in under 10 hours, crossing the 27.5% mark in just three hours — outperforming Claude Code’s 22.99% on the same task. The agent works by browsing arXiv, traversing citation graphs, finding relevant datasets on the Hub, and iteratively retraining until benchmarks improve. Hugging Face is offering $1,000 in GPU credits and Anthropic API credits to early users. The strategic play here is clear: by open-sourcing the agent that makes the Hub more valuable, Hugging Face deepens its position as the central infrastructure for open-source AI development.
Editor’s Note: At time of writing, it’s still missing a LICENSE. Seems like a miss, but also perhaps commentary on what the community and this very LLM-driven service think passes as “open-sourcing” these days. Approachable Open Source makes clear that posting something on GitHub does not grant anyone else the right to use it.
Apache Airflow 2 reaches end of life — migration clock is ticking
Apache Airflow 2.x officially reached end of life on April 22, meaning no more security patches, bug fixes, or provider updates for the version that powers data pipelines at thousands of organizations. The migration to Airflow 3 is non-trivial: deprecated context variables that still worked in 2.x are gone, standard operators moved from apache-airflow to apache-airflow-providers-standard, and the new “Asset” paradigm replaces the old scheduling model. For teams on managed platforms like Astronomer’s Astro, extended support runs through April 2027, providing a 12-month migration runway. But for self-hosted deployments, any CVEs discovered from here on won’t be patched. Given that Airflow is embedded in compliance-sensitive environments (SOC 2, HIPAA, PCI-DSS), this EOL has real regulatory implications. If your data engineering team hasn’t started planning the Airflow 3 migration, this is the nudge.
DARPA’s autonomous bug-finding systems go open source under OpenSSF as OSS-CRS
The Open Source Security Foundation formally welcomed OSS-CRS (Open Source Software Cyber Reasoning Systems) as a new project under its AI/ML Security Working Group. Born from DARPA’s AI Cyber Challenge (AIxCC), OSS-CRS is a standardized orchestration framework for running LLM-based autonomous vulnerability discovery and patching systems against real-world codebases. The team has already ported the AIxCC first-place system (Atlantis) and used it to discover 25 previously unknown vulnerabilities across 16 projects including PHP, U-Boot, memcached, and Apache Ignite 3. But the most telling finding may be this: manual review of 630 AI-generated patches found 20-40% were semantically incorrect, validating the need for human oversight. This dovetails directly with our April 24 coverage of Project Glasswing’s patch gap — the open-source security community is converging on a shared reality: AI can find bugs faster than ever, but the fix pipeline still needs humans in the loop.
Update: Fedora 44 ships tomorrow — the most consequential Linux distribution week in years
After two delays covered in our April 20, 22, and 24 briefings, Fedora 44 officially launches tomorrow, April 28. The final RC 1.7 build includes Firefox 150 with over 200 security fixes and a critical PackageKit privilege escalation patch. Two issues were waived to Fedora 45: an Anaconda partition-sizing bug in the Cockpit webui flow and a non-ASCII keyboard layout selection issue. ISOs are already available for download. Landing five days after Ubuntu 26.04 LTS, this completes the most significant week for Linux distributions in recent memory — two flagship releases shipping GNOME 50 and modern kernel stacks within the same seven-day window.