Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner. The ability ...
The Hacker News

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal ...
Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...
New Scientist

A lost ancient script reveals how writing as we know it really began

Early writing is a tale of two scripts. Egyptian hieroglyphs and Mesopotamian cuneiform both emerged independently about 5300 years ago. The political powers of ancient Egypt and Mesopotamia ...
CNBC

OpenAI brings its models to Amazon's cloud after ending exclusivity with Microsoft

OpenAI's generative AI models are becoming available on Amazon's cloud a day after the AI company revamped its relationship with longtime partner Microsoft. "This is what our customers have been ...
ZDNet

GitHub Copilot shifts to usage-based pricing June 1 - why that's no surprise

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
GitHub

AWS Lambda SES Email Forwarder

By loading aws-lambda-ses-forwarder as a module in a Lambda script, you can override the default config settings, change the order in which to process tasks, and add functions as custom tasks.
Engadget

13-hour AWS outage reportedly caused by Amazon's own AI tools

A recent Amazon Web Services (AWS) outage that lasted 13 hours was reportedly caused by one of its own AI tools, according to reporting by Financial Times. This happened in December after engineers ...