Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
TechBooky

GitHub Expands AI Security Detections Across More Languages

GitHub is adding AI-powered security detections to its Code Security offering, aiming to catch more vulnerabilities across a ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows across Microsoft, DataDog, and CNCF ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is racing to fix trust in AI-built software - here's how ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Anthropic's Boris Cherny, creator of $2.5 billion coding tool, makes a ‘clarification ...

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
ZDNet

This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here ...

Anthropic launches AI agents to review developer pull requests. Internal tests tripled meaningful code review feedback. Automated reviews may catch critical bugs humans miss. Anthropic today announced ...
TechCrunch

Why Garry Tan’s Claude Code setup has gotten so much love, and hate

Y Combinator’s famed CEO Garry Tan told a SXSW audience that he’s got “cyber psychosis” and is barely sleeping because he’s so excited to be working with AI agents. “I sleep, like, four hours a night ...