Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Security researchers at BeyondTrust Phantom Labs discovered a critical flaw in OpenAI's Codex coding agent that allowed an ...

Anthropic's Claude Code CLI has been found silently running git reset --hard every 10 minutes, destroying uncommitted changes ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

AI-driven development accelerated credential sprawl in 2025, with 28.65M secrets detected, expanding attack surface and remediation strain.

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by ...

GitHub describes this training data as inputs, outputs, code snippets, and associated context, but the fine print goes into ...

Microsoft will train GitHub Copilot using user interaction data by default. Users must opt out before April 24 to avoid data ...

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...