GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Compare Semgrep alternatives for teams whose developers increasingly ship code suggested by copilots and agents. See why ...

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...

ChatGPhish exploits ChatGPT Markdown rendering to deliver phishing content from summarized web pages, increasing AI attack surfaces.

Learn how to transform everyday PowerShell one-liners and batch scripts into advanced functions with validation, pipeline support and help. Understand how to organize reusable code into modules with ...

DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...