Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
SecurityWeek

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
Martin Cid Magazine

Figma bets design and code will share a canvas. Cursor has $60 billion against it

At Config 2026, Figma introduced Code Layers, Figma Motion, and AI-generated shader effects — a set of changes that turn the ...
Tech Times

Figma Config 2026: Code Layers Challenge Cursor as GPU Shaders Hit Paid Plans

Figma Config 2026 closed Thursday with Code Layers for GitHub-linked canvas editing, Figma Motion in open beta with CSS and ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Qodo Launches Governance Infrastructure for the AI Coding Era

Qodo, the AI code quality and governance platform trusted by Walmart, NVIDIA, Red Hat, and Monday.com, today announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
Science Daily

Scientists use AI to crack the code of nature’s most complex patterns 1,000x faster

Order doesn’t always form perfectly—and those imperfections can be surprisingly powerful. In materials like liquid crystals, tiny “defects” emerge when symmetry breaks, shaping everything from cosmic ...

Anthropic ships major Claude Design overhaul with design system imports, code round-trips, and a fix for its token-burning problem

Anthropic has overhauled Claude Design with brand-compliance controls, Claude Code integration, lower token usage and new enterprise app exports, positioning the AI tool as a serious platform for ...
Tech Times

AI Coding Agent Skills Library Gives Any Tool 51 Senior Engineer Personas

AI coding agent skills library claude-skills ships 345 free, MIT-licensed packages for Claude Code, Codex, Cursor, Gemini CLI ...