The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

Kaarvi Unveils Living Data Platform for Governed Agentic AI

Kaarvi unveils its Living Data Platform for governed agentic AI, no-code pipelines, dashboards, and live data workflows.
InfoWorld

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
Developer Tech

OpenAI deploys GPT-5.5-Cyber for open-source vulnerability fixes

OpenAI has deployed GPT-5.5-Cyber to execute automated open-source vulnerability remediation alongside security firm Trail of ...
Windows Latest

Microsoft called Linux a cancer, now ships its own free distro that’s nothing like Ubuntu or Fedora

Azure Linux 4.0 is Microsoft's own Fedora-derived Linux distro for Azure cloud workloads. Here is how it compares to Ubuntu, ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
GlobalSpec Insights

Zaber’s new DMA OEM objective focus stage: Affordable nanometer-level precision

Zaber Technologies announces the DMA Objective Focus Stage, a compact, linear motor solution for microscope system builders ...
Security Boulevard

Microsoft’s ‘New Approach’ to Fighting Malware Nabs Amadey, StealC Infrastructure

Microsoft, international law enforcement, and cybersecurity firms used AI to analyze and shut down the infrastructure used to run campaigns with Amadey and StealC malware in what the IT giant calls a ...