The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Morning Overview on MSN

An autonomous bot running on Claude Opus just chained zero-days through GitHub Actions in the wild — poisoning Go init functions and branch names to seize remot…

An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
GitHub

StarVLA: A Lego-like Codebase for Vision-Language-Action Model Developing

[2025/12/25] We've released RoboCasa evaluation support, which was trained without pretraining and reached SOTA performance. Check out more details in examples/Robocasa_tabletop. [2025/12/15] ...
GitHub

NVIDIA AI Cluster Runtime

Running GPU-accelerated Kubernetes clusters reliably is hard. Small differences in kernel versions, drivers, container runtimes, operators, and Kubernetes releases can cause failures that are ...