Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
Infosecurity-magazine.com

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes ...
9to5Mac

OpenAI brings Codex to ChatGPT for iPhone, iPad, and Android with these features

OpenAI has released a new way to interact with its Codex app from your smartphone. An update to ChatGPT’s mobile app brings remote access to Codex for Mac to the iPhone, iPad, and Android. Codex ...
Nextgov

Pentagon makes agreements with 8 companies to add AI to classified networks

Get the latest federal technology news delivered to your inbox. The Pentagon announced new agreements with eight leading artificial intelligence developers on Friday, with those companies set to ...
Game Rant

NTE Codes (Neverness to Everness Redeem Codes)

Nahda Nabiilah is a writer and editor from Indonesia. She has always loved writing and playing games, so one day she decided to combine the two. Most of the time, writing gaming guides is a blast for ...
Dark Reading

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

The ongoing GlassWorm campaign has deployed a fresh wave of malicious Visual Studio (VS) Code extensions, many of which seem initially benign but later deploy self-replicating malware that can poison ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since ...
Bloomberg L.P.

China’s Netflix Expects AI to Create Bulk of Shows in Five Years

IQiyi Inc. expects AI to create the bulk of its films and shows in five years, a monumental industry shift that spurred the Netflix-style streaming service to begin the biggest corporate overhaul ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading ...
InfoQ

Anthropic Introduces Agent-Based Code Review for Claude Code

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...