Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
GitHub

Your Personal AI Assistant; easy to install, deploy on your own machine or on the cloud; supports multiple chat apps with easily extensible capabilities.

Every channel — DingTalk, Feishu, QQ, Discord, iMessage, and more. One assistant, connect as you need. Under your control — Memory and personalization under your control. Deploy locally or in the ...
Hosted on MSN

The decipherment of Maya script

Why did Maya writing remain undecipherable for so long and how was it finally cracked? Find out how this long enigmatic script was finally deciphered and how centuries of recorded Maya history were ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
imdb.com

Take Care of Maya

As a medical team tries to understand 10-year-old Maya Kowalski's rare illness, they begin to question her parents. Suddenly, Maya is in state custody, and her family is desperate to bring t... Read ...
theregister

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner. The ability ...