Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...

AI Upgrades, Security Breaches, and Corporate Shakeups Define the Week in Tech

AI breakthroughs, chip wars, security breaches, robots, privacy concerns, and corporate shakeups defined a week where tech’s ...
InfoWorld

GitHub adds Stacked PRs to speed complex code reviews

Breaking up is hard to do when it comes to large pull requests, so GitHub is stacking things in favor of development teams ...
InfoWorld

GitHub pauses new Copilot sign-ups as agentic AI strains infrastructure

GitHub said long-running, parallelized AI coding sessions are pushing Copilot beyond the limits of its original individual ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Flat-rate AI plans are cracking, and Claude Code could be the next victim

Anthropic briefly yanked Claude Code from the list of features on its Claude Pro plan. An exec says it was just a test, but ...

Sparfuchs Corporation Releases Sparfuchs-QA: An Open-Source, Agentic QA Platform for Modern Engineering Teams

Coordinated AI Agents Deliver a Unified Five-Stage Quality Pipeline, Free and Open Source Under Apache 2.0 License ...
BeInCrypto

Vercel Security Breach Raises Concerns for Crypto Projects

Vercel's security breach may expose API keys and secrets for crypto projects deploying on its platform. Here's what to do.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Computer Weekly

Boost cooks up SmokedMeat, open source framework for CI/CD pipelines protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...

Windows 11's controversial Recall is under fire again, while Microsoft denies flaws0 0

Windows 11's Recall is in hot water again, as a newly released tool shows how to extract all the screenshots and captured ...