10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
Yahoo Malaysia

Phony QR codes found on Bike Share bikes, parking machines

A sneaky scam using false QR codes is targeting those using Bike Share bikes and parking machines in Mississauga.

Claude Code Leak: 8100 Takedown Requests and the Birth of Claw-Code

A human error at Anthropic reveals the architecture of autonomous AI agents, sparking a heated debate about copyright for ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
CSO Online

AI is reshaping DevSecOps to bring security closer to the code

Accelerated use of AI in software development is rapidly altering the scope, skills, and strategies involved in securing code ...
EE World Online

From code to road: the invisible tools ADAS can’t live without

Advanced Driver Assistance Systems (ADAS) bring increasingly sophisticated software into vehicles. Functions such as lane ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Dark Reading

'TrustFall' Convention Exposes Claude Code Execution Risk

Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal or no ...

ActiveState Curated Catalog Secures AI-Generated Code Across Any Development Environment

ActiveState, a global leader in trusted, managed open source software, today announced expanded support for AI-assisted ...

Google shoehorned Rust into Pixel 10 modem to make legacy code safer

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to data networks, DNS has become a core part of how phones work. Google explains ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...