eclipse-foundation

Stop trusting mutable references: how Eclipse Foundation projects should harden GitHub Actions after the Trivy compromise

Tue, 2026-03-24 04:30

On March 19, 2026, an attacker used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77...

Open VSX security update, October 2025

Mikaël Barbero

Mon, 2025-10-27 15:30

Over the past few weeks, the Open VSX team and the Eclipse Foundation have been responding to reports of leaked...

Eclipse Open VSX Registry Security Advisory

Mikaël Barbero

Wed, 2025-07-02 04:15

This security advisory provides additional technical details following our initial statement and the corresponding CVE record. TL;DR A vulnerability in...

Vulnerability in Eclipse Open VSX Registry extension publication process

Mikaël Barbero

Fri, 2025-06-27 04:15

On May 4th, the Eclipse Foundation (EF) Security Team received a notification from researchers at Koi Security regarding a potential...

Strengthening Open Source Security: Eclipse Foundation Selected by the Sovereign Tech Agency for a New Service Agreement

Mikaël Barbero

Fri, 2025-02-28 02:15

We are pleased to announce that the Eclipse Foundation has been selected by the Sovereign Tech Agency for a new...

Eclipse Foundation Security Statement: JARsigner Abuse by Malicious Actors

Mikaël Barbero

Fri, 2025-02-21 02:15

Recent reports indicate that cybercriminals are exploiting the Windows DLL side-loading technique using the legitimate jarsigner.exe executable to propagate malware...

Introducing the Updated Eclipse Foundation Security Policy

Mikaël Barbero

Fri, 2024-12-06 03:00

On November 20, 2024, the Board of Director of the Eclipse Foundation approved version 1.2 of its Security Policy. This...

Leaving the Eclipse Foundation

Anonymous

Thu, 2018-05-31 12:27

Yes. The rumours are true. I will star in the next Marvel film! Alright, alright. That’s a lie, but it...

Subscribe to eclipse-foundation