GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
Look to these tools to improve your AI coding practices and the quality, security, and reliability of your AI-generated code.
Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts-helping organizations govern software consumption ...
Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Agentic coding tools vulnerable to command execution via DNS records ...
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...