Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
InfoWorld

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...
Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
The Hacker News

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is ...
Android

Disney Hit with Lawsuit Over Claims It Secretly Scanned Guests' Faces at Disneyland

A class action lawsuit claims Disney is scanning the faces of park visitors at Disneyland and California Adventure without proper disclosure or consent, including children. The complaint seeks at ...
Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...
The New York Times

The Nobel-Winning Psychologist Who Believed He Found the Secret to Happiness

Mr. Epstein is the author of “Inside the Box: How Constraints Make Us Better.” If in making decisions you are often guided by a search for the best, you are going about decision making all wrong — and ...
collider

Prime Video's 3-Part Action Thriller Is Good Enough To Be Its Best-Kept Secret

Jasneet Singh is a writer who finally has a platform to indulge in long rants about small moments on TV and film in overwhelming detail. With a literature background, she is drawn to the narrative ...
Fox News

New video shows WHCD suspect inside hotel before rushing security checkpoint with weapon

Newly released Justice Department video appears to show Cole Tomas Allen moving through the Washington Hilton in the hours before the White House Correspondents’ Dinner shooting and later approaching ...