Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
techtimes

Claude Code Loop Engineering: Stop Prompting, Start Designing Autonomous Agent Workflows

Anthropic Product Manager and Anthropic engineer Boris Cherny in a video introducing Claude Code on Feb 24, 2025. Anthropic.com Anthropic's Boris Cherny has stopped writing prompts. The creator and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Infosecurity-magazine.com

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Researchers have revealed what they claim to be a “new class of attack” which tricks AI coding agents into executing arbitrary code on developer machines. Tenet Security, which specializes in the ...
techtimes

Xcode 27 On-Device AI Code Completion Uses Neural Engine, Skips Cloud Entirely

Apple seeded the first Xcode 27 beta — build 27A5194q — to registered developers on June 8, 2026, immediately after the WWDC keynote, and the headline feature is one that competing tools cannot yet ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
CSOonline

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows into thousands of public repositories. A large-scale automated GitHub ...
TechCrunch

GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories. The code hosting and sharing giant said ...
CoinTelegraph

GitHub investigates unauthorized access to internal repositories

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...
The Verge

Microsoft starts canceling Claude Code licenses

Thousands of Microsoft developers will use GitHub Copilot CLI instead Thousands of Microsoft developers will use GitHub Copilot CLI instead is a senior correspondent and author of Notepad, who has ...
Wall Street Journal

Princeton Changes Its 133-Year-Old Honor Code Over AI Cheating Fears

For more than a century, Princeton University prided itself on an honor code so revered that proctoring during exams was banned. Students’ pledge not to cheat was enough. Those days are over—largely ...