DataBreachToday

Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors

More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's ...

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools. The ...
Dark Reading

AI-Assisted Supply Chain Attack Targets GitHub

A threat actor appears to have used AI-assisted automation to make hundreds of exploit attempts against open source software repositories on GitHub. Fewer than 10% of the more than 450 exploitation ...
VentureBeat

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should ...

Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1. ...
thecooldown

Insurance agency discloses ZIP codes where wildfire coverage is exceeding $10,000

California homeowners are feeling the pressure as home insurance costs skyrocket across the state, but some locales are being hit harder than others, according to the San Francisco Chronicle. The ...
TechCrunch

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a ...

Anthropic accidentally caused thousands of code repositories on GitHub to be taken down while trying to pull copies of its most popular product’s source code off the internet. On Tuesday, a software ...
Aclu.org

Live Coverage: No Kings National Day of Action

Our work continues — and the ACLU has a very big week ahead of us. On April 1, we'll be at the Supreme Court challenging President Trump's unconstitutional executive order that seeks to deny U.S.
Design News

3 Reasons Code Coverage Isn't Telling You What You Think

Code coverage is one of the most widely used quality metrics in embedded software development. Nearly every team I start working with tells me they aim to reach 80%+ code coverage. In fact, many ...
Bleeping Computer

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. The developer ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the ...