Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla’s Zero Day Investigative Network (0DIN) has demonstrated a new attack technique that could allow seemingly harmless GitHub repositories to compromise developers using AI-powered coding ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Developer Tech

GitHub brings agentic workflows to GitHub Actions

GitHub has released GitHub Agentic Workflows in public preview, adding support for coding agents inside GitHub Actions. The public preview follows a technical preview GitHub announced in February. At ...
Courthouse News Service

Washington Post hit with class action over ‘surveillance pricing’ scheme

Employees of the Washington Post picket outside the company's offices in downtown Washington, Thursday, Dec. 7, 2023, amid a one-day strike over labor issues. (AP Photo/Mark Schiefelbein, File) ...
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
Digital Spy

Exclusive: Hollyoaks to expose Beth's secret as Frankie takes action

Hollyoaks star Isabelle Smith has revealed an exciting new plot for her character Frankie Osborne, as she blackmails her aunt Beth Keane over a sinister secret. Frankie is set to find out the ...
ZDNet

Red Hat hit by npm supply‑chain attack - here's how to stay safe

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
GitHub

GitHub - scthornton/red-teaming-pipeline-integration: GitHub Actions CI/CD pipeline for automated AI red teaming with Palo Alto Networks Prisma AIRS · GitHub

Prisma AIRS Red Teaming CI/CD Pipeline Production-ready GitHub Actions workflow for automated AI Red Teaming of LLM-backed targets (apps, agents, model endpoints) using Palo Alto Networks Prisma AIRS.
slashfilm

The Onslaught Trailer Looks Like A Secret Sequel To An Action Cult Classic

Close enough, welcome back, "The Guest"! The trailer for Adam Wingard's "Onslaught" is here, and in addition to looking mighty fun, it also looks a lot like a secret sequel to "The Guest." In that ...
Bleeping Computer

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...
Ars Technica

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more ...