Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
Design News

A Practical Guide to Spec-Driven Development with AI

Structured specifications help AI coding agents build what engineers actually need by capturing intent before code generation ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...

The AI coding craze gave GitHub its best month ever, executive tells employees

Usage of the company's Copilot AI coding tool surged after GitHub changed how it bills customers, the executive said.
XDA Developers on MSN

7 little-known VS Code extensions that prove it's more than just an IDE

VS Code’s secret weapons ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
InfoWorldOpinion

Open source grapples with agentic coding

Open source maintainers are right to be concerned about AI slop, but banning AI-generated code outright is a huge mistake.
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
techtimes

Claude Code Loop Engineering: Stop Prompting, Start Designing Autonomous Agent Workflows

Anthropic Product Manager and Anthropic engineer Boris Cherny in a video introducing Claude Code on Feb 24, 2025. Anthropic.com Anthropic's Boris Cherny has stopped writing prompts. The creator and ...
Lifehacker

These Independent Apps Let You Use Your Whoop Without a Subscription (For Now)

Beth Skwarecki is Lifehacker’s Senior Health Editor, and holds certifications as a personal trainer and weightlifting coach. She has been writing about health for over 10 years. June 22, 2026 Add as a ...
Dark Reading

Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign

Attackers are using multiple channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread ...