Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

「GitHub Copilot」のEclipse向けプラグインがオープンソースに、「MIT ...

Microsoft傘下のGitHubは5月21日(現地時間)、「GitHub Copilot for Eclipse」のオープンソース化を発表した。「GitHub」のリポジトリで、「MIT」ライセンスのもと公開されている。
PC Watch

GitHubの5千件以上のリポジトリに侵害。自動化ツールを悪用

のんべんだらりな転生者〜貧乏農家を満喫す〜(コミック) : 7 【電子書籍】[ 止田卓史 ] ...
GIGAZINE

オープンソースソフトウェア開発者を標的にするボットネット ...

CrowdStrikeがGoogle・Shadowserver Foundationと協力し、オープンソースのソフトウェア供給網を狙うボットネット「Glassworm」の遮断作戦を実行したと発表しました。Glasswormは開発者の端末や認証情報を侵害し、下流の組織や利用者に被害が広がる恐れのある脅威として ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

Who is TeamPCP, the rising hacker group targeting open-source software and AI tools?

TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of ...
Spiceworks on MSN

Did AI write the worm that breached GitHub’s own house?

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...
InfoWorld

The role of MCP in context engineering

Developers are discovering that Model Context Protocol shines at providing AI coding agents with highly relevant software engineering context, on demand, at run time.
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...