One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...
Morning Overview on MSN

Microsoft patches GitHub’s worst vulnerability in years within two hours of disclosure — no exploitation found

A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...
New Scientist

Backlash builds over NHS plan to hide source code from AI hacking risk

NHS England is pulling its open-source software from the internet because of fears around computer-hacking AI models like ...
Morning Overview on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding millions of private repos

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise ...
The Manila Times

Causal Dynamics Lab outperforms Anthropic and OpenAI in multiple coding tests

New research shows AI coding agents spend >80% of their time searching for files rather than editing them. Cielara Code ...

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

Recently, The White House launched its own official app on iOS and Android, claiming that it gives users "unparalleled access ...

Oktopost brings B2B social execution into AI workflows with first Claude Code skill purpose-built for B2B

Oktopost, the B2B social media management company, today announced the general availability of the Oktopost Claude Plugin, the first Claude Code skill purpose-built to operationalize B2B social media ...
Cybernews

Mythos AI hacking fears prompts UK health service crackdown on open-source code

NHS England has ordered development teams to make code repositories private by May 11th as it reviews cybersecurity risks ...

The Leaked ‘Claude Jupiter’ Model Just Revealed the Next Big Step for AI

Explore the latest AI developments including the leaked Claude Sonnet 4.8 model and Google testing Gemini 3.5 in the Arena.

GitHub COO on AI 'Shit Code' overload that many users say has been degrading the coding platform: I am not…

GitHub's COO Kyle Daigle has gone on the record about the scale of what's hitting the platform—and the numbers are staggering ...