One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...
Morning Overview on MSN

Microsoft patches GitHub’s worst vulnerability in years within two hours of disclosure — no exploitation found

A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...
New Scientist

Backlash builds over NHS plan to hide source code from AI hacking risk

NHS England is pulling its open-source software from the internet because of fears around computer-hacking AI models like ...
Morning Overview on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding millions of private repos

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise ...
Visual Studio Magazine

Building and Using MCP Servers in Visual Studio

Microsoft Product Manager Mike Kistler previews his Visual Studio Live! session on how MCP servers give .NET developers a universal standard for connecting AI models to external data and tools -- and ...
The Manila Times

Causal Dynamics Lab outperforms Anthropic and OpenAI in multiple coding tests

New research shows AI coding agents spend >80% of their time searching for files rather than editing them. Cielara Code ...

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

Recently, The White House launched its own official app on iOS and Android, claiming that it gives users "unparalleled access ...

Oktopost brings B2B social execution into AI workflows with first Claude Code skill purpose-built for B2B

Oktopost, the B2B social media management company, today announced the general availability of the Oktopost Claude Plugin, the first Claude Code skill purpose-built to operationalize B2B social media ...
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...
Cybernews

Mythos AI hacking fears prompts UK health service crackdown on open-source code

NHS England has ordered development teams to make code repositories private by May 11th as it reviews cybersecurity risks ...