Frontier AI is rewriting the economics of software supply chain security

When AI-assisted vulnerability discovery makes it dramatically easier to identify weaknesses hidden inside modern dependency ...
InfoWorld

When software developers and AI agents share the learning

When an agent does something, the whole company should learn from it, so that every developer gets access to the shared ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
Dark Reading

'Djinn' Stealer Targets Cloud, AI Credentials

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
InfoWorld

AI coding agents may be getting bad instructions from ‘smelly’ config files

The first proposed catalog of 'configuration smells' reveals widespread issues like context bloat, skill leakage, and ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
InfoQ

Million PDFs: Building a Modern Document Infrastructure with Rust and Typst

Erik Steiger discusses the operational pain of legacy PDF generation in regulated banking and manufacturing. He explains how ...

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...