GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

Should You Hijack a Corporate AI Chatbot for Free Tokens?

A developer went viral for reconfiguring Chipotle’s customer support bot into a coding assistant, and providing the playbook ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

GitHub investigating cyberattack linked to malicious VS Code extension and leaked internal repositories

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of internal repositories and attempted to sell the data online.
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.

Why AI systems may never be secure, and what to do about it

THE PROMISE at the heart of the artificial-intelligence (AI) boom is that programming a computer is no longer an arcane skill ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

BrowserAct Open-Sources Two AI-Agent Skills, Giving Agents the Power to Use the Real Web

Fingerprint isolation, stealth browsing, and CAPTCHA solving (hCaptcha, reCAPTCHA, Turnstile) are all free and open-source.