GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
By registering the LongCat-2.0 repository under the open-source MIT License, Meituan positions the architecture with maximum ...
Because Krea relinquishes centralized control over the downstream deployment of its open weights, the contract legally binds ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Local AI inference at 32B-parameter quality, no cloud API required: University of Waterloo researchers released PAW on July 2 ...
Remember when writing code was free? AI is pushing software development into usage-billed proprietary platforms. But history ...
Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
Microsoft GitHub hack hit open-source AI tools, exposing developer passwords and cloud credentials. Here’s why SA tech teams should care.
China now has an open-weight model that can find software vulnerabilities and create attacks for anybody to use.